CVE-2012-5053
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
07/03/2013
Last modified:
11/04/2025
Description
Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr8:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr9:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:trimble:infrastructure_gnss_series_receiver_firmware:*:*:*:*:*:*:*:* | 4.7.0 (excluding) | |
| cpe:2.3:h:trimble:infrastructure_netrs_receiver:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:trimble:infrastructure_netrs_receiver_firmware:*:*:*:*:*:*:*:* | 1.3-2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html
- http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf
- http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html
- http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf
- http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf