CVE-2012-5053

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-5053
Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html Broken Link
http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf Vendor Advisory
http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr3:-:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr5:-:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr8:-:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr9:-:*:*:*:*:*:*:*
cpe:2.3:o:trimble:infrastructure_gnss_series_receiver_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:trimble:infrastructure_netrs_receiver:-:*:*:*:*:*:*:*
cpe:2.3:o:trimble:infrastructure_netrs_receiver_firmware:*:*:*:*:*:*:*:*
History

01 Dec 2023, 14:22

Type Values Removed Values Added
CPE cpe:2.3:o:trimble:infrastructure_gnss_series_receivers_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receivers:netr5:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receivers:netr3:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receivers:netrs:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receivers:netr9:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receivers:netr8:*:*:*:*:*:*:*		 cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr3:-:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_netrs_receiver:-:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr8:-:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr9:-:*:*:*:*:*:*:*
cpe:2.3:o:trimble:infrastructure_netrs_receiver_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:trimble:infrastructure_gnss_series_receiver_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr5:-:*:*:*:*:*:*:*
References (MISC) http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf - (MISC) http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf - Vendor Advisory
References (MISC) http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf - (MISC) http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf - Vendor Advisory
References (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html - (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html - Broken Link
Information

Published : 2013-03-07 00:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-5053

Mitre link : CVE-2012-5053

CVE.ORG link : CVE-2012-5053

JSON object : View

Products Affected

trimble

  • infrastructure_netrs_receiver_firmware
  • infrastructure_netrs_receiver
  • infrastructure_gnss_series_receiver_netr9
  • infrastructure_gnss_series_receiver_netr8
  • infrastructure_gnss_series_receiver_netr3
  • infrastructure_gnss_series_receiver_netr5
  • infrastructure_gnss_series_receiver_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')