exploitDog

CVE-2018-19394

Published: 15 Mar 2019
Source: nvd
CVSS3: 4.8
CVSS2: 3.5
EPSS: Low

Description

Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:o:cobham:satcom_sailor_800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cobham:satcom_sailor_800:-:*:*:*:*:*:*:*

Configuration 2

Simultaneously

cpe:2.3:o:cobham:satcom_sailor_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cobham:satcom_sailor_900:-:*:*:*:*:*:*:*

EPSS

Percentile: 55%
0.00321
Low

4.8 Medium

CVSS3

3.5 Low

CVSS2

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 4.8
github
more than 3 years ago

Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.
