CVE-2018-19394: The Cobham Satcom Sailor 800 and Sailor 900 devices contained a persistent Cross Site Scripting (XSS) vulnerability.

CVE-2018-19394

Suggested description
The Cobham Satcom Sailor 800 and Sailor 900 devices contained a persistent Cross Site Scripting (XSS) vulnerability, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g. Satellite name), and then restoring the malicious configuration file.
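
The mitigation for the restore path described above, as an added example that is not taken from the vendor's firmware or from the original advisory: free-text fields are checked against an allow-list when a configuration is restored, and HTML-encoded again when rendered. The key=value layout, the field names and the function names are assumptions, since the page does not describe the device's configuration format.

```python
import html
import re

# Constructed sample of a restored configuration. The key=value layout and
# field names are assumptions; the page does not document the real format.
SAMPLE_CONFIG = """\
# restored backup (constructed)
satellite_name=<script>alert(1)</script>
satellite_longitude=25.0E
operator_note=Primary & backup
"""

# Allow-list for free-text fields: letters, digits, space, a few separators.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 ._\-+/&]{0,64}")


def parse_config(text):
    """Parse key=value lines into a dict, skipping blanks and # comments."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        fields[key.strip()] = value.strip()
    return fields


def validate_restore(fields):
    """Return names of fields failing the allow-list; refuse the restore if any."""
    return sorted(k for k, v in fields.items() if not SAFE_VALUE.fullmatch(v))


def render_row(label, value):
    """Encode on output too, so values stored before validation stay inert."""
    return f"<tr><td>{html.escape(label)}</td><td>{html.escape(value)}</td></tr>"


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print("rejected fields:", validate_restore(cfg))
    for name, value in cfg.items():
        print(render_row(name, value))
```

Validation at restore time keeps the payload out of storage, while output encoding covers values that were written before the check existed or arrive by another route.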


Vulnerability Type
Cross Site Scripting (XSS)


Vendor of Product
Cobham Satcom


Affected Product Code Base
Sailor 800 - N/A
Sailor 900 - N/A


Reference
https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b
https://cyberskr.com/blog/cobham-satcom-800-900.html
