CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19391

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://cyberskr.com/blog/cobham-satcom-250-500.html
https://gist.github.com/CyberSKR/f6fc93702b9b9b73afa07877d1479fe0
https://cyberskr.com/blog/cobham-satcom-250-500.html
https://gist.github.com/CyberSKR/f6fc93702b9b9b73afa07877d1479fe0

Products affected by CVE-2018-19391

Cobham » Satcom Sailor 250 » Version: N/A

cpe:2.3:h:cobham:satcom_sailor_250:-
Cobham » Satcom Sailor 500 » Version: N/A

cpe:2.3:h:cobham:satcom_sailor_500:-
Cobham » Satcom Sailor 250 Firmware » Version: Any

cpe:2.3:o:cobham:satcom_sailor_250_firmware:*
Cobham » Satcom Sailor 500 Firmware » Version: Any

cpe:2.3:o:cobham:satcom_sailor_500_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19391

Products

Pricing

Contact Us