CVE-2012-5053

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-5053

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

C

ross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html Broken Link
http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf Vendor Advisory
http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html Broken Link
http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf Vendor Advisory
http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr3:-:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr5:-:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr8:-:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr9:-:*:*:*:*:*:*:*
cpe:2.3:o:trimble:infrastructure_gnss_series_receiver_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:trimble:infrastructure_netrs_receiver:-:*:*:*:*:*:*:*
cpe:2.3:o:trimble:infrastructure_netrs_receiver_firmware:*:*:*:*:*:*:*:*
History

21 Nov 2024, 01:43

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html - Broken Link () http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html - Broken Link
References () http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf - Vendor Advisory () http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf - Vendor Advisory
References () http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf - Vendor Advisory () http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf - Vendor Advisory
Information

Published : 2013-03-07 00:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-5053

Mitre link : CVE-2012-5053

CVE.ORG link : CVE-2012-5053

JSON object : View

Products Affected

trimble

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')