CVE-2018-19394

Name of the Vulnerable Software and Affected Versions Cobham Satcom Sailor 800 and 900 devices (affected versions not specified)

Description The issue concerns a persistent XSS that can be exploited by acquiring the device's configuration file, inserting an XSS payload into a relevant field such as the Satellite name, and then restoring the malicious configuration file. This requires administrative access to exploit.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.