Cross site scripting

2019-03-1516:29:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.4%

JSON

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field.

CPENameOperatorVersion
satcom_sailor_250_firmwarelt1.25
satcom_sailor_500_firmwarelt1.25

CPE	Name	Operator	Version
	satcom_sailor_250_firmware	lt	1.25
	satcom_sailor_500_firmware	lt	1.25

References

cyberskr.com/blog/cobham-satcom-250-500.html

gist.github.com/CyberSKR/f6fc93702b9b9b73afa07877d1479fe0