12 matches found
CVE-2025-58426
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...
CVE-2025-58426
The CVE concerns desknet’s NEO across versions V4.0R1.0–V9.0R2.0, where a hard-coded cryptographic key enables an attacker to create malicious AppSuite applications. This is the underlying root cause described in multiple connected sources, with impact stated as attacker-authored AppSuite apps be...
CVE-2025-58079
The advisory shows CVE-2025-58079 in desknet’s NEO AppSuite (desknet’s NEO, versions V4.0R1.0–V9.0R2.0) with CWE-424 (Improper Protection of Alternate Path). Root cause: improper access protection enabling a remote attacker to create malicious AppSuite applications. Impact per sources indicates a...
EUVD-2020-26799
Malware in sbrugna...
CVE-2020-5638
Cross-site scripting vulnerability in desknet's NEO desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...
CVE-2020-5638
Cross-site scripting vulnerability in desknet's NEO desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in desknet's NEO desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...
CVE-2020-5638
Cross-site scripting vulnerability in desknet's NEO desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...
CVE-2020-5638
CVE-2020-5638 affects desknet’s NEO (Small License V5.5 R1.5 and earlier; Enterprise License V5.5 R1.5 and earlier). The issue is a stored cross-site scripting (CWE-79) that allows an attacker to execute arbitrary scripts in a logged-in user’s browser via unspecified vectors. The root cause, per ...
desknet's NEO vulnerable to cross-site scripting
Overview desknet's NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability CWE-79. Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
JVN#42199826: desknet's NEO vulnerable to cross-site scripting
desknet's NEO provided by NEOJAPAN Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the software Update the software to the latest version according to the information provided by the...
desknet's NEO vulnerable to directory traversal
Overview desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal CWE-22 vulnerability where it fails to verify html parameter in zhtml.cgi. Hiroyuki Yamashita of M Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...