NEO
by desknets
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55072 | Med | 0.35 | 5.4 | 0.00 | Oct 16, 2025 | Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser. | ||
| CVE-2025-54760 | Med | 0.35 | 5.4 | 0.00 | Oct 16, 2025 | Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser. | ||
| CVE-2025-58426 | Med | 0.28 | 4.3 | 0.00 | Oct 16, 2025 | desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications. | ||
| CVE-2025-58079 | Med | 0.28 | 4.3 | 0.00 | Oct 16, 2025 | Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications. |
- risk 0.35cvss 5.4epss 0.00
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.
- risk 0.35cvss 5.4epss 0.00
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser.
- risk 0.28cvss 4.3epss 0.00
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications.
- risk 0.28cvss 4.3epss 0.00
Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.