CVE-2012-5053 — MEDIUM (4.3)

Q: How severe is CVE-2012-5053?

CVE-2012-5053 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-5053?

Check the references section above for vendor advisories and patch information. Affected products include: Trimble Infrastructure Gnss Series Receiver Netr3, Trimble Infrastructure Gnss Series Receiver Netr5, Trimble Infrastructure Gnss Series Receiver Netr8, Trimble Infrastructure Gnss Series Receiver Netr9, Trimble Infrastructure Gnss Series Receiver Firmware.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Trimble	Infrastructure Gnss Series Receiver Netr3	-
Trimble	Infrastructure Gnss Series Receiver Netr5	-
Trimble	Infrastructure Gnss Series Receiver Netr8	-
Trimble	Infrastructure Gnss Series Receiver Netr9	-
Trimble	Infrastructure Gnss Series Receiver Firmware	< 4.7.0
Trimble	Infrastructure Netrs Receiver	-
Trimble	Infrastructure Netrs Receiver Firmware	< 1.3-2

Related Weaknesses (CWE)

CWE-79

References

http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.htmlBroken Link
http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNoteVendor Advisory
http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SVendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.htmlBroken Link
http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNoteVendor Advisory
http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SVendor Advisory

FAQ

What is CVE-2012-5053?

CVE-2012-5053 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows r...

How severe is CVE-2012-5053?

CVE-2012-5053 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-5053?

Check the references section above for vendor advisories and patch information. Affected products include: Trimble Infrastructure Gnss Series Receiver Netr3, Trimble Infrastructure Gnss Series Receiver Netr5, Trimble Infrastructure Gnss Series Receiver Netr8, Trimble Infrastructure Gnss Series Receiver Netr9, Trimble Infrastructure Gnss Series Receiver Firmware.