Persistent XSS Vulnerability in Cobham Satcom Sailor 800 and 900 Devices

Persistent XSS Vulnerability in Cobham Satcom Sailor 800 and 900 Devices

CVE-2018-19394 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.

Learn more about our Web Application Penetration Testing UK.