Leica Geosystems GR10/GR25/GR30/GR50 GNSS Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Leica Geosystems GR10, GR25, GR30, and GR50 GNSS receivers, all running version 4.30.063. The vulnerability arises from an unrestricted file upload feature in the configuration file upload functionality. This flaw allows attackers to upload malicious HTML files that are saved on the device and can execute arbitrary JavaScript in the context of the user's browser session when the file is viewed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where uploaded malicious files execute JavaScript in the context of the affected user's browser session.

Reproduction

To reproduce this vulnerability, upload a configuration file containing malicious HTML, including JavaScript payloads, through the application's file upload feature. The uploaded file will be stored on the device and can be accessed in a way that triggers the execution of the embedded JavaScript.