This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote Windows application is affected by cross-site scripting
The remote host is running the BlackBerry Enterprise Server MDS
Connection Service. The installed version is affected by cross-site
scripting vulnerabilities involving the 'customDate', 'interval',
'lastCustomInterval', 'lastIntervalLength', 'nextCustomInterval',
'nextIntervalLength', 'action', 'delIntervalIndex', 'addStatIndex',
'delStatIndex', and 'referenceTime' parameters of the
'admin/statistics/ConfigureStatistics' script. An attacker can
leverage these in order to execute arbitrary script code or steal
cookie-based authentication credentials.
See also :
Upgrade to BlackBerry Enterprise Server 4.1.6 MR5 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 38199 (blackberry_es_connection_service_xss.nasl)
Bugtraq ID: 34573
CVE ID: CVE-2009-0307
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.