{"api_version":"1","generated_at":"2026-04-23T02:35:48+00:00","cve":"CVE-2018-8888","urls":{"html":"https://cve.report/CVE-2018-8888","api":"https://cve.report/api/cve/CVE-2018-8888.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8888","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8888"},"summary":{"title":"CVE-2018-8888","description":"A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.","state":"PUBLIC","assigner":"secure@blackberry.com","published_at":"2018-12-20 20:29:00","updated_at":"2019-01-03 18:25:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000054162","name":"http://support.blackberry.com/kb/articleDetail?articleNumber=000054162","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"BSRT-2018-005 Vulnerabilities in Management Console Impact Affected Versions of BlackBerry UEM","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8888","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8888","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8888","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"unified_endpoint_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8888","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"unified_endpoint_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@blackberry.com","ID":"CVE-2018-8888","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"BlackBerry UEM","version":{"version_data":[{"version_value":"12.9.1 and earlier"}]}}]},"vendor_name":"BlackBerry"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Stored Cross-Site Scripting"}]}]},"references":{"reference_data":[{"name":"http://support.blackberry.com/kb/articleDetail?articleNumber=000054162","refsource":"CONFIRM","url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"}]}},"nvd":{"publishedDate":"2018-12-20 20:29:00","lastModifiedDate":"2019-01-03 18:25:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.7,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"12.10.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8888","Ordinal":"125260","Title":"CVE-2018-8888","CVE":"CVE-2018-8888","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8888","Ordinal":"1","NoteData":"A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8888","Ordinal":"2","NoteData":"2018-12-20","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8888","Ordinal":"3","NoteData":"2018-12-20","Type":"Other","Title":"Modified"}]}}}