@CyberSKR
Created March 15, 2019 11:47
CVE-2018-19394: The Cobham Satcom Sailor 800 and Sailor 900 devices contained a persistent Cross Site Scripting (XSS) vulnerability.

CVE-2018-19394

Suggested description
The Cobham Satcom Sailor 800 and Sailor 900 devices contained a persistent Cross Site Scripting (XSS) vulnerability, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g. satellite name), and then restoring the malicious configuration file.


Vulnerability Type
Cross Site Scripting (XSS)


Vendor of Product
Cobham Satcom


Affected Product Code Base
Sailor 800 - N/A
Sailor 900 - N/A


Reference
https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b
https://cyberskr.com/blog/cobham-satcom-800-900.html
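
The two controls that close the restore path described under "Suggested description", shown as an added example that is not code from the vendor or from this advisory: validate free-text fields when a configuration file is restored, and HTML-encode them again when the web interface renders them. The key=value file format, the field names `satellite_name` and `frequency`, the allow-list pattern and all sample values are assumptions constructed for illustration.

```javascript
"use strict";

// Assumed policy: free-text names are short and limited to plain characters.
const NAME_RE = /^[A-Za-z0-9 ._()\-]{1,32}$/;
const TEXT_FIELDS = new Set(["satellite_name"]); // hypothetical field name

// Restore-time check: parse "key=value" lines (assumed format) and refuse
// the whole restore if any free-text field fails the allow-list.
function validateRestoredConfig(text) {
  const config = {};
  const rejected = [];
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    const idx = line.indexOf("=");
    if (idx < 1) { rejected.push(line); continue; } // malformed line
    const key = line.slice(0, idx).trim();
    const value = line.slice(idx + 1).trim();
    if (TEXT_FIELDS.has(key) && !NAME_RE.test(value)) {
      rejected.push(key);
      continue;
    }
    config[key] = value;
  }
  return { ok: rejected.length === 0, config, rejected };
}

// Render-time check: encode for HTML text and attribute contexts, so a value
// that reached storage by any route is displayed as text, not parsed as markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

function renderSatelliteCell(name) {
  return `<td class="sat-name">${escapeHtml(name)}</td>`;
}

// Constructed sample inputs (not taken from a real device).
const GOOD_CONFIG = "# backup\nsatellite_name=Example Sat 1\nfrequency=11.7";
const BAD_CONFIG = "satellite_name=<script>alert(1)</script>\nfrequency=11.7";

const good = validateRestoredConfig(GOOD_CONFIG);
const bad = validateRestoredConfig(BAD_CONFIG);
console.log(good.ok, bad.ok, bad.rejected);
console.log(renderSatelliteCell("<script>alert(1)</script>"));
```

Encoding at render time is the control that matters even when restore-time validation exists, because it also covers values already stored before validation was introduced.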
