CVE-2016-1916

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
blackberryenterprise_server
𝑥
≤ 12.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.blackberry.com/btsc/KB38117
http://www.securitytracker.com/id/1035568
http://www.blackberry.com/btsc/KB38117
http://www.securitytracker.com/id/1035568