CVE-2016-1915 Information
Feb 14, 2021
cve
Description
Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://seclists.org/fulldisclosure/2016/Feb/95 http://security-assessment.com/files/documents/advisory/Blackberry20BES1220Self-Service20Multiple20Vulnerabilities.pdf http://support.blackberry.com/kb/articleDetail?articleNumber=000038033 http://www.securitytracker.com/id/1035095 https://www.exploit-db.com/exploits/39481/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: