CVE-2017-3890

MEDIUM

BlackBerry WatchDox Server - XSS

Title source: llm

Description

A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.

References (2)

[Vendor Advisory] http://support.blackberry.com/kb/articleDetail?articleNumber=000038915

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95442

Scores

CVSS v3 6.1

EPSS 0.0029

EPSS Percentile 52.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (4)

blackberry/appliance-x < 1.8.1

blackberry/workspaces_vapp

n/a/BlackBerry WatchDox Server < BlackBerry WatchDox Server

Timeline

Published Jan 13, 2017

Tracked Since Feb 18, 2026