<-- Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection Vendor: Leica Geosystems AG Product web page: https://www.leica-geosystems.com Affected version: 4.30.063 4.20.232 4.11.606 3.22.1818 3.10.1633 2.62.782 1.00.395 Summary: The Leica GR10 is the next generation GNSS reference station receiver that combines the latest state-of-the-art technologies with a streamlined 'plug and play' workflow. Designed for a wide variety of GNSS reference station applications, the Leica GR10 offers new levels of simplicity, reliability and performance. Desc: The application suffers from a stored XSS vulnerability. The issue is triggered via unrestricted file upload while restoring a config file allowing the attacker to upload an html or javascript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user's browser session in context of an affected site. Tested on: BarracudaServer.com (WindowsCE) Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2019-5503 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5503.php Ref: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5502.php 18.12.2018 -->