Timepictra
CVE-2026-3010
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2.
AnalysisAI
Microchip TimePictra versions 11.0 through 11.3 SP2 contain a reflected cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious scripts through query parameters. Successful exploitation requires user interaction and can result in session hijacking, credential theft, or unauthorized information disclosure. No patch is currently available.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Timepictra. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in Timepictra
View allSame weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today