CVE-2016-1916

MEDIUM

BlackBerry Enterprise Server <12.4.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.

References (2)

[Vendor Advisory] http://www.blackberry.com/btsc/KB38117

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035568

Scores

CVSS v3 5.4

EPSS 0.0019

EPSS Percentile 40.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (1)

blackberry/enterprise_server < 12.4

Timeline

Published Apr 22, 2016

Tracked Since Feb 18, 2026