This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
Synopsis :
The remote Windows application is affected by cross-site scripting
Description :
The remote host is running the BlackBerry Enterprise Server MDS
Connection Service. The installed version is affected by cross-site
scripting vulnerabilities involving the 'customDate', 'interval',
'lastCustomInterval', 'lastIntervalLength', 'nextCustomInterval',
'nextIntervalLength', 'action', 'delIntervalIndex', 'addStatIndex',
'delStatIndex', and 'referenceTime' parameters of the
'admin/statistics/ConfigureStatistics' script. An attacker can
leverage these in order to execute arbitrary script code or steal
cookie-based authentication credentials.
Solution :
Upgrade to BlackBerry Enterprise Server 4.1.6 MR5 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true