CVE-2025-67231

CVE-2025-67231 is a confirmed reflected XSS in ToDesktop Builder v0.33.1. The issue allows an attacker to execute arbitrary code in the context of a user’s browser via a crafted payload. Documented by multiple feeds (NVD, Red Hat, CIRCL, attackerkb, CVE lists) consistently describe a reflected XS...

CVE-2025-67231

A reflected cross-site scripting XSS vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

ToDesktop 代码注入漏洞

ToDesktop is an application from ToDesktop, Inc. that converts a Web application code base into a cross-platform desktop application with native functionality. A security vulnerability exists in versions of ToDesktop prior to 2024-10-03, which stems from a postinstall script that allows a remote...