GridTime™ 3000 GNSS Time Server CSRF to XSS
Summary
| CVE | CVE-2026-12619 |
|---|---|
| State | PUBLISHED |
| Assigner | Microchip |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-19 16:16:16 UTC |
| Updated | 2026-06-22 18:29:30 UTC |
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting (XSS). This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0. |
Risk And Classification
Primary CVSS: v4.0 5.1 MEDIUM from dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-79 | CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 | Secondary | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/C... |
| 4.0 | CNA | CVSS | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:A |
CVSS v4.0 Breakdown
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Microchip | GridTime 3000 | affected 1.0r0.03 1.1r0.0 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-... | dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 | www.microchip.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Additional Advisory Data
Solutions
CNA: Upgrade GridTime 3000 GNSS Time Server to the latest firmware. As of the firmware release 1.2r0.0, CSRF protections and parameter sanitization have been improved to not allow execution of arbitrary queries.