CVE-2018-19394

Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cobham:satcom_sailor_800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cobham:satcom_sailor_800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cobham:satcom_sailor_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cobham:satcom_sailor_900:-:*:*:*:*:*:*:*

Information

Published : 2019-03-15 09:29

Updated : 2019-03-15 10:34


NVD link : CVE-2018-19394

Mitre link : CVE-2018-19394


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

cobham

  • satcom_sailor_900
  • satcom_sailor_900_firmware
  • satcom_sailor_800
  • satcom_sailor_800_firmware