Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 24 Dec 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 24 Dec 2025 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser session when viewed. | |
| Title | Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Stored XSS via Config Upload | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-12-24T20:27:01.726Z
Reserved: 2025-12-24T14:28:02.432Z
Link: CVE-2018-25131
Updated: 2025-12-24T20:14:07.819Z
Status : Deferred
Published: 2025-12-24T20:15:46.890
Modified: 2026-06-17T01:54:47.200
Link: CVE-2018-25131
No data.
OpenCVE Enrichment
No data.