Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field.
https://gist.github.com/CyberSKR/f6fc93702b9b9b73afa07877d1479fe0