CVE-2009-0307
Summary
| CVE | CVE-2009-0307 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-04-22 18:30:00 UTC |
| Updated | 2009-04-28 05:37:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rim | Blackberry Enterprise Server | 4.0 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.0 | sp3 | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.0.3 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1 | sp3 | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1.3 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1.4 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1.5 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1.6 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.0 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.0 | sp3 | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.0.3 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1 | sp3 | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1.3 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1.4 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1.5 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | 4.1.6 | All | All | All |
| Application | Rim | Blackberry Enterprise Server | All | mr4 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 53772 | OSVDB | osvdb.org | |
| BlackBerry Enterprise Server Input Validation Flaw in MDS Connection Service Permits Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| BlackBerry Enterprise Server MDS Connection Service Cross-Site Scripting - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| BlackBerry Enterprise Server MDS Connection Service Cross Site Scripting Vulnerability | BID | www.securityfocus.com | Exploit |
| www.blackberry.com/btsc/dynamickc.do | CONFIRM | www.blackberry.com | Vendor Advisory |
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | FULLDISC | archives.neohapsis.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.