Cross site scripting

2011-04-1818:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.8%

JSON

Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.

CPENameOperatorVersion
blackberry_enterprise_servereq5.0.2
blackberry_enterprise_servereq5.0.0
blackberry_enterprise_servereq5.0.3
blackberry_enterprise_servereq5.0.1
blackberry_enterprise_server_expresseq5.0.1
blackberry_enterprise_server_expresseq5.0.2

Name	Operator	Version
blackberry_enterprise_server	eq	5.0.2
blackberry_enterprise_server	eq	5.0.0
blackberry_enterprise_server	eq	5.0.3
blackberry_enterprise_server	eq	5.0.1
blackberry_enterprise_server_express	eq	5.0.1
blackberry_enterprise_server_express	eq	5.0.2