
BlackBerry Enterprise Server < 4.1.6 MR5 XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running BlackBerry Enterprise Server.

This version is reportedly vulnerable to a cross-site scripting flaw due to the way that it handles user-supplied input. An attacker exploiting this flaw would need to be able to convince a user to click on a link. Successful exploitation would result in the attacker executing arbitrary script code within the browser of the user.

Solution

Upgrade to version 4.1.6 MR5 (4.1.6.5) or higher.