Submit #464906: Trimble SPS851 488.01 Cross Site Scriptinginfo

TitleTrimble SPS851 488.01 Cross Site Scripting
DescriptionI identified a Stored XSS vulnerability when authenticated in the GPS SPS GNSS modular receivers application. When I navigate to the "Receiver Status - Identity" tab, I insert the XSS script into the "System Name" field and refresh the page. The application executes the inserted script, and even after leaving the page and accessing it again, the script remains saved in the "System Name" field. https://help.fieldsystems.trimble.com/sps/home.htm script: <img/src/onerror=prompt(8)>
Source⚠️ https://github.com/f3rg0d/CVE
User
 Fergod (UID 55882)
Submission12/17/2024 01:25 AM (2 months ago)
Moderation01/04/2025 09:47 AM (18 days later)
StatusAccepted
VulDB Entry290198 [Trimble SPS851 488.01 Receiver Status Identity Tab System Name cross site scripting]
Points20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!