Moderate

CVE-2009-0307 - Cross-Site Scripting (XSS) vulnerability in RIM Blackberry Enterprise Server

Publication: 2009-04-22

Summary

Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters.

Classification
CWE-79: Cross-Site Scripting (XSS)

Risk level (CVSS 4.3)

Moderate (4.3)

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • RIM Blackberry Enterprise Server 4.0
  • RIM Blackberry Enterprise Server 4.0.3
  • RIM Blackberry Enterprise Server 4.1
  • RIM Blackberry Enterprise Server 4.1.3
  • RIM Blackberry Enterprise Server 4.1.4
  • RIM Blackberry Enterprise Server 4.1.5
  • RIM Blackberry Enterprise Server 4.1.6