Vulnerability Details CVE-2012-5053
Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html
- http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf
- http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html
- http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf
- http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf
Products affected by CVE-2012-5053
-
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr3:-
-
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr5:-
-
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr8:-
-
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr9:-
-
cpe:2.3:h:trimble:infrastructure_netrs_receiver:-
-
cpe:2.3:o:trimble:infrastructure_gnss_series_receiver_firmware:*
-
cpe:2.3:o:trimble:infrastructure_netrs_receiver_firmware:*