Search...

CVE-2020-5638

2020-12-03T12:15:00

ID CVE-2020-5638
Type cve
Reporter cve@mitre.org
Modified 2020-12-04T01:30:00

Description

Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.

JSON Vulners Source

Initial Source

{"id": "CVE-2020-5638", "bulletinFamily": "NVD", "title": "CVE-2020-5638", "description": "Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.", "published": "2020-12-03T12:15:00", "modified": "2020-12-04T01:30:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5638", "reporter": "cve@mitre.org", "references": ["https://jvn.jp/en/jp/JVN42199826/index.html", "https://www.desknets.com/neo/support/mainte/9700/"], "cvelist": ["CVE-2020-5638"], "type": "cve", "lastseen": "2020-12-09T22:03:16", "edition": 2, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "jvn", "idList": ["JVN:42199826"]}], "modified": "2020-12-09T22:03:16", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-12-09T22:03:16", "rev": 2}, "vulnersScore": 5.2}, "cpe": ["cpe:/a:desknets:neo:5.5"], "affectedSoftware": [{"cpeName": "desknets:neo", "name": "desknets neo", "operator": "eq", "version": "5.5"}, {"cpeName": "desknets:neo", "name": "desknets neo", "operator": "eq", "version": "5.5"}, {"cpeName": "desknets:neo", "name": "desknets neo", "operator": "le", "version": "5.5"}, {"cpeName": "desknets:neo", "name": "desknets neo", "operator": "le", "version": "5.5"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:desknets:neo:5.5:r1.5:*:*:small_license:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:desknets:neo:5.5:*:*:*:small_license:*:*:*", "versionEndIncluding": "5.5", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:desknets:neo:5.5:*:*:*:enterprise_license:*:*:*", "versionEndIncluding": "5.5", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:desknets:neo:5.5:r1.5:*:*:enterprise_license:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:desknets:neo:5.5:*:*:*:enterprise_license:*:*:*", "cpe:2.3:a:desknets:neo:5.5:r1.5:*:*:small_license:*:*:*", "cpe:2.3:a:desknets:neo:5.5:r1.5:*:*:enterprise_license:*:*:*", "cpe:2.3:a:desknets:neo:5.5:*:*:*:small_license:*:*:*"], "cwe": ["CWE-79"], "scheme": null}

{"jvn": [{"lastseen": "2020-12-04T14:28:25", "bulletinFamily": "info", "cvelist": ["CVE-2020-5638"], "description": "\n ## Description\n\ndesknet's NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability (CWE-79).\n\n ## Impact\n\nAn arbitrary script may be executed on a logged-in user's web browser.\n\n ## Solution\n\n**Update the software** \nUpdate the software to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * desknet's NEO Small License V5.5 R1.5 and earlier\n * desknet's NEO Enterprise License V5.5 R1.5 and earlier\n", "edition": 2, "modified": "2020-12-03T00:00:00", "published": "2020-12-03T00:00:00", "id": "JVN:42199826", "href": "http://jvn.jp/en/jp/JVN42199826/index.html", "title": "JVN#42199826: desknet's NEO vulnerable to cross-site scripting", "type": "jvn", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}