Search criteria
17 vulnerabilities found for desknet's NEO by NEOJAPAN Inc.
CVE-2025-58426 (GCVE-0-2025-58426)
Vulnerability from cvelistv5 – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:39
VLAI?
Summary
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications.
Severity ?
4.3 (Medium)
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V4.0R1.0 to V9.0R2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:38:54.519229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:39:23.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V4.0R1.0 to V9.0R2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "desknet\u0027s NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:40.587Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58426",
"datePublished": "2025-10-16T10:03:40.587Z",
"dateReserved": "2025-09-01T11:21:47.281Z",
"dateUpdated": "2025-10-16T13:39:23.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58079 (GCVE-0-2025-58079)
Vulnerability from cvelistv5 – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:41
VLAI?
Summary
Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.
Severity ?
4.3 (Medium)
CWE
- CWE-424 - Improper Protection of Alternate Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V4.0R1.0 to V9.0R2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:40:00.719482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:41:37.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V4.0R1.0 to V9.0R2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet\u0027s NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "Improper Protection of Alternate Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:35.640Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58079",
"datePublished": "2025-10-16T10:03:35.640Z",
"dateReserved": "2025-09-01T11:21:48.364Z",
"dateUpdated": "2025-10-16T13:41:37.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55072 (GCVE-0-2025-55072)
Vulnerability from cvelistv5 – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:53
VLAI?
Summary
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V2.0R1.0 to V9.0R2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:53:30.294715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:53:55.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V2.0R1.0 to V9.0R2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in desknet\u0027s NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user\u2019s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:29.945Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-55072",
"datePublished": "2025-10-16T10:03:29.945Z",
"dateReserved": "2025-09-01T11:21:43.901Z",
"dateUpdated": "2025-10-16T13:53:55.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54859 (GCVE-0-2025-54859)
Vulnerability from cvelistv5 – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:55
VLAI?
Summary
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V9.0R2.0 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:55:06.603059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:55:28.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V9.0R2.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in desknet\u0027s NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user\u2019s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:24.272Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54859",
"datePublished": "2025-10-16T10:03:24.272Z",
"dateReserved": "2025-09-01T11:21:42.065Z",
"dateUpdated": "2025-10-16T13:55:28.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54760 (GCVE-0-2025-54760)
Vulnerability from cvelistv5 – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:58
VLAI?
Summary
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V9.0R2.0 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:58:14.027835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:58:37.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V9.0R2.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in desknet\u0027s NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user\u2019s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:19.367Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54760",
"datePublished": "2025-10-16T10:03:19.367Z",
"dateReserved": "2025-09-01T11:21:42.874Z",
"dateUpdated": "2025-10-16T13:58:37.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24833 (GCVE-0-2025-24833)
Vulnerability from cvelistv5 – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:13
VLAI?
Summary
Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V4.0R1.0 to V9.0R2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:13:28.878995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:13:34.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V4.0R1.0 to V9.0R2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in desknet\u0027s NEO versions V4.0R1.0\u2013V9.0R2.0 allow execution of arbitrary JavaScript in a user\u2019s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:07.930Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24833",
"datePublished": "2025-10-16T10:03:07.930Z",
"dateReserved": "2025-09-01T11:21:44.766Z",
"dateUpdated": "2025-10-16T13:13:34.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5638 (GCVE-0-2020-5638)
Vulnerability from cvelistv5 – Published: 2020-12-03 11:15 – Updated: 2024-08-04 08:39
VLAI?
Summary
Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.desknets.com/neo/support/mainte/9700/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN42199826/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "desknet\u0027s NEO Small License V5.5 R1.5 and earlier, and desknet\u0027s NEO Enterprise License V5.5 R1.5 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in desknet\u0027s NEO (desknet\u0027s NEO Small License V5.5 R1.5 and earlier, and desknet\u0027s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-03T11:15:31",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.desknets.com/neo/support/mainte/9700/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN42199826/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "desknet\u0027s NEO",
"version": {
"version_data": [
{
"version_value": "desknet\u0027s NEO Small License V5.5 R1.5 and earlier, and desknet\u0027s NEO Enterprise License V5.5 R1.5 and earlier"
}
]
}
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in desknet\u0027s NEO (desknet\u0027s NEO Small License V5.5 R1.5 and earlier, and desknet\u0027s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.desknets.com/neo/support/mainte/9700/",
"refsource": "MISC",
"url": "https://www.desknets.com/neo/support/mainte/9700/"
},
{
"name": "https://jvn.jp/en/jp/JVN42199826/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN42199826/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5638",
"datePublished": "2020-12-03T11:15:31",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58426 (GCVE-0-2025-58426)
Vulnerability from nvd – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:39
VLAI?
Summary
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications.
Severity ?
4.3 (Medium)
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V4.0R1.0 to V9.0R2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:38:54.519229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:39:23.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V4.0R1.0 to V9.0R2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "desknet\u0027s NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:40.587Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58426",
"datePublished": "2025-10-16T10:03:40.587Z",
"dateReserved": "2025-09-01T11:21:47.281Z",
"dateUpdated": "2025-10-16T13:39:23.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58079 (GCVE-0-2025-58079)
Vulnerability from nvd – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:41
VLAI?
Summary
Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.
Severity ?
4.3 (Medium)
CWE
- CWE-424 - Improper Protection of Alternate Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V4.0R1.0 to V9.0R2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:40:00.719482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:41:37.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V4.0R1.0 to V9.0R2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet\u0027s NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "Improper Protection of Alternate Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:35.640Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58079",
"datePublished": "2025-10-16T10:03:35.640Z",
"dateReserved": "2025-09-01T11:21:48.364Z",
"dateUpdated": "2025-10-16T13:41:37.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55072 (GCVE-0-2025-55072)
Vulnerability from nvd – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:53
VLAI?
Summary
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V2.0R1.0 to V9.0R2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:53:30.294715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:53:55.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V2.0R1.0 to V9.0R2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in desknet\u0027s NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user\u2019s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:29.945Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-55072",
"datePublished": "2025-10-16T10:03:29.945Z",
"dateReserved": "2025-09-01T11:21:43.901Z",
"dateUpdated": "2025-10-16T13:53:55.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54859 (GCVE-0-2025-54859)
Vulnerability from nvd – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:55
VLAI?
Summary
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V9.0R2.0 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:55:06.603059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:55:28.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V9.0R2.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in desknet\u0027s NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user\u2019s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:24.272Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54859",
"datePublished": "2025-10-16T10:03:24.272Z",
"dateReserved": "2025-09-01T11:21:42.065Z",
"dateUpdated": "2025-10-16T13:55:28.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54760 (GCVE-0-2025-54760)
Vulnerability from nvd – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:58
VLAI?
Summary
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V9.0R2.0 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:58:14.027835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:58:37.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V9.0R2.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in desknet\u0027s NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user\u2019s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:19.367Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54760",
"datePublished": "2025-10-16T10:03:19.367Z",
"dateReserved": "2025-09-01T11:21:42.874Z",
"dateUpdated": "2025-10-16T13:58:37.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24833 (GCVE-0-2025-24833)
Vulnerability from nvd – Published: 2025-10-16 10:03 – Updated: 2025-10-16 13:13
VLAI?
Summary
Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
V4.0R1.0 to V9.0R2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:13:28.878995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:13:34.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "V4.0R1.0 to V9.0R2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in desknet\u0027s NEO versions V4.0R1.0\u2013V9.0R2.0 allow execution of arbitrary JavaScript in a user\u2019s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T10:03:07.930Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.desknets.com/neo/support/mainte/17475/"
},
{
"url": "https://jvn.jp/en/jp/JVN90757550/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24833",
"datePublished": "2025-10-16T10:03:07.930Z",
"dateReserved": "2025-09-01T11:21:44.766Z",
"dateUpdated": "2025-10-16T13:13:34.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5638 (GCVE-0-2020-5638)
Vulnerability from nvd – Published: 2020-12-03 11:15 – Updated: 2024-08-04 08:39
VLAI?
Summary
Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEOJAPAN Inc. | desknet's NEO |
Affected:
desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.desknets.com/neo/support/mainte/9700/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN42199826/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "desknet\u0027s NEO",
"vendor": "NEOJAPAN Inc.",
"versions": [
{
"status": "affected",
"version": "desknet\u0027s NEO Small License V5.5 R1.5 and earlier, and desknet\u0027s NEO Enterprise License V5.5 R1.5 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in desknet\u0027s NEO (desknet\u0027s NEO Small License V5.5 R1.5 and earlier, and desknet\u0027s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-03T11:15:31",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.desknets.com/neo/support/mainte/9700/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN42199826/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "desknet\u0027s NEO",
"version": {
"version_data": [
{
"version_value": "desknet\u0027s NEO Small License V5.5 R1.5 and earlier, and desknet\u0027s NEO Enterprise License V5.5 R1.5 and earlier"
}
]
}
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in desknet\u0027s NEO (desknet\u0027s NEO Small License V5.5 R1.5 and earlier, and desknet\u0027s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.desknets.com/neo/support/mainte/9700/",
"refsource": "MISC",
"url": "https://www.desknets.com/neo/support/mainte/9700/"
},
{
"name": "https://jvn.jp/en/jp/JVN42199826/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN42199826/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5638",
"datePublished": "2020-12-03T11:15:31",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2025-000074
Vulnerability from jvndb - Published: 2025-10-16 17:30 - Updated:2025-10-16 17:30
Severity ?
Summary
Multiple vulnerabilities in desknet's NEO
Details
desknets NEO provided by NEOJAPAN Inc. contains multiple vulnerabilities listed below.
- Stored cross-site scripting (CWE-79) - CVE-2025-24833, CVE-2025-54760, CVE-2025-55072
- Reflected cross-site scripting (CWE-79) - CVE-2025-52583
- Stored cross-site scripting (CWE-79) - CVE-2025-54859
- Improper protection of alternate path in AppSuite (CWE-424) - CVE-2025-58079
- Use of hard-coded cryptographic key (CWE-321) - CVE-2025-58426
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000074.html",
"dc:date": "2025-10-16T17:30+09:00",
"dcterms:issued": "2025-10-16T17:30+09:00",
"dcterms:modified": "2025-10-16T17:30+09:00",
"description": "desknets NEO provided by NEOJAPAN Inc. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-24833, CVE-2025-54760, CVE-2025-55072\u003c/li\u003e\r\n\u003cli\u003eReflected cross-site scripting (CWE-79) - CVE-2025-52583\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-54859\u003c/li\u003e\r\n\u003cli\u003eImproper protection of alternate path in AppSuite (CWE-424) - CVE-2025-58079\u003c/li\u003e\r\n\u003cli\u003eUse of hard-coded cryptographic key (CWE-321) - CVE-2025-58426\u003c/li\u003e\u003c/ul\u003e\r\n\r\nThe following people reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nCVE-2025-24833\r\nReporter: Sho Odagiri of GMO Cybersecurity by Ierae, Inc.\r\n\r\nCVE-2025-52583, CVE-2025-54760\r\nReporter: Ryo Sato\r\n\r\nCVE-2025-54859\r\nReporter: Ryo Sato and Daijiro Obata\r\n\r\nCVE-2025-55072, CVE-2025-58079, CVE-2025-58426\r\nReporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000074.html",
"sec:cpe": [
{
"#text": "cpe:/a:neo_japan:desknets",
"@product": "desknet\u0027s",
"@vendor": "NEOJAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:neo_japan:desknet_neo",
"@product": "desknet\u0027s NEO",
"@vendor": "NEOJAPAN Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000074",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN90757550/index.html",
"@id": "JVN#90757550",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-24833",
"@id": "CVE-2025-24833",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-52583",
"@id": "CVE-2025-52583",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54760",
"@id": "CVE-2025-54760",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-55072",
"@id": "CVE-2025-55072",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58079",
"@id": "CVE-2025-58079",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58426",
"@id": "CVE-2025-58426",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54859",
"@id": "CVE-2025-54859",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in desknet\u0027s NEO"
}
JVNDB-2020-000079
Vulnerability from jvndb - Published: 2020-12-03 17:54 - Updated:2023-03-08 17:02
Severity ?
Summary
desknet's NEO vulnerable to cross-site scripting
Details
desknet's NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability (CWE-79).
Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000079.html",
"dc:date": "2023-03-08T17:02+09:00",
"dcterms:issued": "2020-12-03T17:54+09:00",
"dcterms:modified": "2023-03-08T17:02+09:00",
"description": "desknet\u0027s NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nRyo Sato of BroadBand Security,Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000079.html",
"sec:cpe": {
"#text": "cpe:/a:neo_japan:desknet_neo",
"@product": "desknet\u0027s NEO",
"@vendor": "NEOJAPAN Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000079",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN42199826/index.html",
"@id": "JVN#42199826",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5638",
"@id": "CVE-2020-5638",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5638",
"@id": "CVE-2020-5638",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "desknet\u0027s NEO vulnerable to cross-site scripting"
}
JVNDB-2015-000122
Vulnerability from jvndb - Published: 2015-09-01 12:36 - Updated:2015-09-09 14:02Summary
desknet's NEO vulnerable to directory traversal
Details
desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal (CWE-22) vulnerability where it fails to verify html parameter in zhtml.cgi.
Hiroyuki Yamashita of M&K Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000122.html",
"dc:date": "2015-09-09T14:02+09:00",
"dcterms:issued": "2015-09-01T12:36+09:00",
"dcterms:modified": "2015-09-09T14:02+09:00",
"description": "desknet\u0027s NEO provided by NEOJAPAN Inc. contains a directory traversal (CWE-22) vulnerability where it fails to verify html parameter in zhtml.cgi.\r\n\r\nHiroyuki Yamashita of M\u0026K Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000122.html",
"sec:cpe": {
"#text": "cpe:/a:neo_japan:desknet_neo",
"@product": "desknet\u0027s NEO",
"@vendor": "NEOJAPAN Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000122",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN09283606/index.html",
"@id": "JVN#09283606",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2990",
"@id": "CVE-2015-2990",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2990",
"@id": "CVE-2015-2990",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "desknet\u0027s NEO vulnerable to directory traversal"
}