Reflected Cross-Site Scripting Vulnerability in desknet's Web Server
CVE-2025-52583

5.1MEDIUM

Key Information:

Vendor: Neojapan Inc.
Status: Desknet's Web Server
Vendor: CVE Published:; 16 October 2025

🔔 Create Neojapan Inc. Vulnerability Alert

What is CVE-2025-52583?

A reflected cross-site scripting (XSS) vulnerability exists in desknet's Web Server, which allows an attacker to inject arbitrary JavaScript into the web application. When users interact with affected pages, this malicious script can be executed in their browsers, potentially leading to unauthorized data access or manipulation. Admins should ensure proper input validation and escaping to mitigate this risk.

Affected Version(s)

desknet's Web Server all versions

References

https://www.desknets.com/neo/support/mainte/17475/

https://jvn.jp/en/jp/JVN90757550/

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Sep 1, 2025

JSON