CVE-2026-12619
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
A Cross-Site Scripting (XSS) vulnerability has been discovered in Microchip GridTime 3000 due to improper input neutralization during web page generation. This flaw allows an attacker to inject malicious scripts into a victim's browser.
Risk Assessment
An attacker could exploit this vulnerability to steal session tokens, capture sensitive data, or perform unauthorized actions on behalf of an authenticated user, compromising system confidentiality and integrity.
Recommendation
Immediately upgrade GridTime 3000 firmware to a version later than 1.1r0.0, which includes a fix for the XSS vulnerability.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting (XSS). This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

