CVE-2018-25131

Description

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser session when viewed.

PUBLISHED Reserved 2025-12-24 | Published 2025-12-24 | Updated 2025-12-24 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.exploit-db.com/exploits/46091 exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5503.php exploit

www.exploit-db.com/exploits/46091 (ExploitDB-46091) exploit

www.leica-geosystems.com (Leica Geosystems Official Product Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5503.php (Zero Science Lab Disclosure (ZSL-2019-5503)) third-party-advisory

cve.org (CVE-2018-25131)

nvd.nist.gov (CVE-2018-25131)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.