CVE-2016-1916
Summary
| CVE | CVE-2016-1916 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Published | 2016-04-22 18:59:00 UTC |
| Updated | 2016-12-03 03:23:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Blackberry | Enterprise Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.blackberry.com/btsc/KB38117 | CONFIRM | www.blackberry.com | Vendor Advisory |
| BlackBerry Enterprise Server Input Validation Flaws in Management Console Let Remote Conduct Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.