CVE-2023-44854

Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://pine-amphibian-9b9.notion.site/ENG-SAILOR-Ku-Software-XSS-Remote-syslog-131b8031c9f74600aa3279c7d733d624	Exploit Third Party Advisory
https://pine-amphibian-9b9.notion.site/ENG-SAILOR-Ku-Software-XSS-Remote-syslog-131b8031c9f74600aa3279c7d733d624	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cobham:sailor_600_vsat_ku_firmware:164_build019:*:*:*:*:*:*:*

cpe:2.3:h:cobham:sailor_600_vsat_ku:-:*:*:*:*:*:*:*

History

27 May 2025, 14:24

Type	Values Removed	Values Added
First Time		Cobham sailor 600 Vsat Ku Firmware Cobham sailor 600 Vsat Ku Cobham
CPE		cpe:2.3:o:cobham:sailor_600_vsat_ku_firmware:164_build019:::::::* cpe:2.3:h:cobham:sailor_600_vsat_ku:-:::::::*
References	~~() https://pine-amphibian-9b9.notion.site/ENG-SAILOR-Ku-Software-XSS-Remote-syslog-131b8031c9f74600aa3279c7d733d624 -~~	() https://pine-amphibian-9b9.notion.site/ENG-SAILOR-Ku-Software-XSS-Remote-syslog-131b8031c9f74600aa3279c7d733d624 - Exploit, Third Party Advisory

Information

Published : 2024-04-12 04:15

Updated : 2025-05-27 14:24

NVD link : CVE-2023-44854

Mitre link : CVE-2023-44854

CVE.ORG link : CVE-2023-44854

JSON object : View

Products Affected

cobham

sailor_600_vsat_ku_firmware
sailor_600_vsat_ku

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10