Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS
Posted by deepcore on January 8, 2019 – 7:22 am
Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross-site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file, which allows an attacker to upload an HTML or JavaScript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user’s browser session in the context of an affected site.
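A server-side check that would close the upload path described above, as an added example (not the vendor's code and not part of the original advisory). The `.cfg` allowlist, the function names and the sample inputs are assumptions for illustration; the advisory does not state the real backup file format.

```python
import os
import re

# Assumption: the advisory does not name the legitimate backup extension;
# ".cfg" is a hypothetical placeholder for the allowlist.
ALLOWED_EXTENSIONS = {".cfg"}

# Markup that makes a browser treat a stored file as active content.
ACTIVE_CONTENT = re.compile(
    rb"<\s*(?:!doctype|html|script|svg|iframe|img|body|object|embed)\b"
    rb"|javascript:",
    re.IGNORECASE,
)

def check_restore_upload(filename: str, data: bytes) -> list[str]:
    """Return the reasons to reject a restore upload (empty list = accept)."""
    reasons = []
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base.startswith("."):
        reasons.append("path components or hidden file name")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        reasons.append(f"extension {ext or '(none)'} not allowlisted")
    # Inspect the content too, so a renamed HTML file is still caught.
    if ACTIVE_CONTENT.search(data[:65536]):
        reasons.append("content contains HTML/script markup")
    return reasons

def download_headers(stored_name: str) -> dict[str, str]:
    """Headers that stop a stored file from rendering in the site's origin."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", stored_name)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }

if __name__ == "__main__":
    # Constructed sample uploads, not taken from a real device.
    samples = {
        "site.cfg": b"station_name=TEST01\ninterval=30\n",
        "poc.html": b"<html><body>hello</body></html>",
        "renamed.cfg": b"<ScRiPt>void(0)</sCrIpT>",
    }
    for name, body in samples.items():
        print(name, "->", check_restore_upload(name, body) or "accepted")
```

The extension allowlist and the content check are independent on purpose: either one alone can be bypassed by a renamed or padded file, and the response headers cover anything that was stored before the check existed.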