Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
01 Dec 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Trimble infrastructure Gnss Series Receiver Netr9
Trimble infrastructure Gnss Series Receiver Netr3 Trimble infrastructure Gnss Series Receiver Netr5 Trimble infrastructure Netrs Receiver Trimble infrastructure Netrs Receiver Firmware Trimble infrastructure Gnss Series Receiver Firmware Trimble infrastructure Gnss Series Receiver Netr8 |
|
References | (MISC) http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf - Vendor Advisory | |
References | (MISC) http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf - Vendor Advisory | |
References | (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html - Broken Link | |
CPE | cpe:2.3:h:trimble:infrastructure_gnss_series_receivers:netrs:*:*:*:*:*:*:* cpe:2.3:o:trimble:infrastructure_gnss_series_receivers_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:trimble:infrastructure_gnss_series_receivers:netr9:*:*:*:*:*:*:* cpe:2.3:h:trimble:infrastructure_gnss_series_receivers:netr3:*:*:*:*:*:*:* cpe:2.3:h:trimble:infrastructure_gnss_series_receivers:netr5:*:*:*:*:*:*:* |
cpe:2.3:h:trimble:infrastructure_netrs_receiver:-:*:*:*:*:*:*:* cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr8:-:*:*:*:*:*:*:* cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr5:-:*:*:*:*:*:*:* cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr3:-:*:*:*:*:*:*:* cpe:2.3:o:trimble:infrastructure_netrs_receiver_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:trimble:infrastructure_gnss_series_receiver_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr9:-:*:*:*:*:*:*:* |
Information
Published : 2013-03-07 00:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-5053
Mitre link : CVE-2012-5053
CVE.ORG link : CVE-2012-5053
JSON object : View
Products Affected
trimble
- infrastructure_netrs_receiver_firmware
- infrastructure_gnss_series_receiver_netr3
- infrastructure_netrs_receiver
- infrastructure_gnss_series_receiver_netr9
- infrastructure_gnss_series_receiver_netr5
- infrastructure_gnss_series_receiver_firmware
- infrastructure_gnss_series_receiver_netr8
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')