QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1915

Published: Apr 13, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

http://security-assessment.com/files/documents/advisory/Blackberry%20BES12%20Self-Service%20Multiple%20Vulnerabilities.pdf

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

http://support.blackberry.com/kb/articleDetail?articleNumber=000038033

x_refsource_CONFIRM

20160222 BlackBerry Enterprise Service 12 Self-Service - SQLi and Reflected XSS

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.