Cross Site Scripting Vulnerability in Trimble SPS851 Ethernet Configuration Menu
CVE-2025-0220

5.1MEDIUM

Key Information:

Vendor
Trimble
Status
Sps851
Vendor
CVE Published:
5 January 2025

Summary

A vulnerability exists in the Trimble SPS851 version 488.01, affecting its Ethernet Configuration Menu. Specifically, the manipulation of the argument 'Hostname' can lead to cross site scripting (XSS), allowing for remote attacks. This publicly disclosed exploit poses risks as it can be initiated without local access. The vendor, Trimble, was informed about this vulnerability but has not issued any responses or mitigations.

Affected Version(s)

SPS851 488.01

References

https://vuldb.com/?id.290199
vdb-entrytechnical-description
https://vuldb.com/?ctiid.290199
signaturepermissions-required
https://vuldb.com/?submit.464943
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Havook (VulDB User)
.