Description
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field.
References
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: version before 1.25 (exclusive)
In combination
cpe:2.3:o:cobham:satcom_sailor_250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cobham:satcom_sailor_250:-:*:*:*:*:*:*:*
Configuration 2: version before 1.25 (exclusive)
In combination
cpe:2.3:o:cobham:satcom_sailor_500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cobham:satcom_sailor_500:-:*:*:*:*:*:*:*
EPSS: 0.00489 (percentile: 65%, Low)
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.1
github
more than 3 years ago
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field.