CVE Catalog

CVE-2026-12619

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile - higher than 14% of all known CVEs

Summary

A Cross-Site Scripting (XSS) vulnerability has been discovered in Microchip GridTime 3000 due to improper input neutralization during web page generation. This flaw allows an attacker to inject malicious scripts into a victim's browser.

Risk Assessment

An attacker could exploit this vulnerability to steal session tokens, capture sensitive data, or perform unauthorized actions on behalf of an authenticated user, compromising system confidentiality and integrity.

Recommendation

Immediately upgrade GridTime 3000 firmware to a version later than 1.1r0.0, which includes a fix for the XSS vulnerability.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting (XSS). This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS