Vulnerabilities > Cobham
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-15 | CVE-2018-19391 | Cross-site Scripting vulnerability in Cobham products Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. | 6.1 |
| 2018-01-16 | CVE-2018-5728 | Information Exposure vulnerability in Cobham Seatel 121 Firmware Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. | 5.3 |
| 2018-01-08 | CVE-2018-5267 | Unspecified vulnerability in Cobham SEA TEL 121 Firmware 222701 Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. | 9.8 |
| 2018-01-08 | CVE-2018-5266 | Information Exposure vulnerability in Cobham SEA TEL 121 Firmware 222701 Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. | 7.5 |
| 2018-01-08 | CVE-2018-5071 | Cross-site Scripting vulnerability in Cobham SEA TEL 116 Firmware 222429 Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. | 5.4 |