CVE-2009-0307
RIM BlackBerry Enterprise Server <4.1.6 MR5 - XSS
Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ken Millar · text · webapps · java
https://www.exploit-db.com/exploits/32927
Scores
EPSS
0.0341
EPSS Percentile
87.3%
Classification
CWE
CWE-79
Status
published
Affected Products (11)
rim/blackberry_enterprise_server
< 4.1.6
rim/blackberry_enterprise_server
rim/blackberry_enterprise_server
rim/blackberry_enterprise_server
rim/blackberry_enterprise_server
rim/blackberry_enterprise_server
rim/blackberry_enterprise_server
rim/blackberry_enterprise_server
rim/blackberry_enterprise_server
rim/blackberry_enterprise_server
n/a/n/a
Timeline
Published
Apr 22, 2009
Tracked Since
Feb 18, 2026