CVE-2026-12621
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
A cross-site scripting (XSS) vulnerability was found in the GridTime 3000 password reset form due to improper input neutralization during web page generation. The issue affects versions from 1.0r0.03 before 1.2r0.0.
Risk Assessment
An attacker can exploit this flaw to inject malicious scripts, potentially leading to session theft, account takeover, or displaying fraudulent content to users.
Recommendation
Immediately update GridTime 3000 to version 1.2r0.0 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0.

