Desktop Alert PingAlert Cross-Site Scripting Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVE-2025-54346

A Reflected Cross Site Scripting XSS vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

EUVD-2025-197628

A Stored Cross Site Scripting XSS vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

CVE-2025-54348

A Stored Cross Site Scripting XSS vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

CVE-2025-54346

A Reflected Cross Site Scripting XSS vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

CVE-2025-54346

A Reflected Cross Site Scripting XSS vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

Desktop Alert PingAlert 安全漏洞

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a cross-site scripting vulnerability that stems from the application's lack of...

PT-2025-46984

Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description A Stored Cross Site Scripting XSS issue exists in the Application Server of the software. This allows an attacker to potentially hijack a user’s browser and capture sensitiv...

EUVD-2025-197627

A Reflected Cross Site Scripting XSS vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information...

Desktop Alert PingAlert 安全漏洞

Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a cross-site scripting vulnerability for which no detailed vulnerability...

EUVD-2017-8977

Malware in sbrugna...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the formtodatabase exten. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious input. Details Cross-site scripting or XSS is a code vulnerability that occurs...

CVE-2024-5673

CVE-2024-5673 affects Dulldusk’s PHP File Manager v1.7.8. The vulnerability is an cross-site scripting (XSS) flaw that can be triggered via the fm_current_dir parameter of index.php. An attacker could deliver a crafted JavaScript payload to an authenticated user, enabling partial hijacking of tha...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to unsanitized crafted user input. An attacker can inject malicious scripts into web pages. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious scri...

Fujitsu Arconte Áurea Cross-Site Scripting Vulnerability

Fujitsu Arconte Áurea is a view recording system from Fujitsu Japan. A security vulnerability exists in Fujitsu Arconte Áurea versions prior to 1.5.0.0. An attacker could exploit this vulnerability to inject malicious JavaScript code that could compromise and take control of the victim's browser,...

Tcman Gim 跨站脚本漏洞

Tcman Gim is a facility management software from the Spanish company Tcman designed for use on mobile devices. A cross-site scripting vulnerability exists in TCMAN GIM version v8.01, which stems from a lack of effective filtering and escaping of the mtxtNom y mtxtCognoms parameters in the softwar...

Qbot Trojan Reappears to Go After U.S. Banking Customers

Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Its latest variant features fresh capabilities to help it remain undetected. Qbot a.k.a. Qakbot or Pinkslipbot harvests browsing data...

RIG Exploit Toolkit Distributing CeidPageLock Malware to Hijack Browsers

By Waqas A previously discovered browser hijacker malware dubbed as CeidPageLock has resurfaced again, in a bigger and better avatar, reveal researchers at Check Point security firm. This time around it is loaded with new features and is being distributed through the RIG Exploit kit. Trend Micro...

WordPress Tooltipy (tooltips for WP) Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Tooltipy tooltips for WP, which allows anyone sending a link to hija...

Threat Round Up for Feb 16 - 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 16 and February 23. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...