CVE-2025-24833

Summary

Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.

Affected Software

VendorProductVersion RangeStatus
NEOJAPAN Inc.desknet’s NEOV4.0R1.0 to V9.0R2.0affected

Weaknesses

  • CWE-79: Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References