Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field.
CPE | Name | Operator | Version |
---|---|---|---|
satcom_sailor_250_firmware | lt | 1.25 | |
satcom_sailor_500_firmware | lt | 1.25 |