| 제목 | Trimble SPS851 488.01 Cross Site Scripting |
|---|
| 설명 | I identified a Stored XSS vulnerability when authenticated in the GPS SPS GNSS modular receivers application. When I navigate to the "Receiver Status - Identity" tab, I insert the XSS script into the "System Name" field and refresh the page. The application executes the inserted script, and even after leaving the page and accessing it again, the script remains saved in the "System Name" field.
https://help.fieldsystems.trimble.com/sps/home.htm
script:
<img/src/onerror=prompt(8)> |
|---|
| 원천 | ⚠️ https://github.com/f3rg0d/CVE |
|---|
| 사용자 | Fergod (UID 55882) |
|---|
| 제출 | 2024. 12. 17. AM 01:25 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 01. 04. AM 09:47 (18 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 290198 [Trimble SPS851 488.01 Receiver Status Identity Tab System Name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|