Arbitrary Script Injection in BlackBerry Enterprise Server (BES) 12 Management Console

Arbitrary Script Injection in BlackBerry Enterprise Server (BES) 12 Management Console

CVE-2016-1916 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.

Learn more about our Web App Pen Testing.