CVE Catalog

CVE-2026-12621

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile - higher than 14% of all known CVEs

Summary

A cross-site scripting (XSS) vulnerability was found in the GridTime 3000 password reset form due to improper input neutralization during web page generation. The issue affects versions from 1.0r0.03 before 1.2r0.0.

Risk Assessment

An attacker can exploit this flaw to inject malicious scripts, potentially leading to session theft, account takeover, or displaying fraudulent content to users.

Recommendation

Immediately update GridTime 3000 to version 1.2r0.0 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS