Subscribe via feed.

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS

Posted by deepcore on January 8, 2019 – 7:22 am

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file allowing the attacker to upload an html or javascript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user’s browser session in context of an affected site.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.