ByteOS Network

NVD Vulnerability Details :

CVE-2016-1916

Modified

Source-cve@mitre.org

Published At-22 Apr, 2016 | 18:59

Updated At-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.4	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 3.5

Base severity: LOW

Vector:

AV:N/AC:M/Au:S/C:N/I:P/A:N

CPE Matches

BlackBerry Limited

>>enterprise_server>>Versions up to 12.4(inclusive)

cpe:2.3:a:blackberry:enterprise_server:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.blackberry.com/btsc/KB38117	cve@mitre.org	Vendor Advisory
http://www.securitytracker.com/id/1035568	cve@mitre.org	N/A
http://www.blackberry.com/btsc/KB38117	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.securitytracker.com/id/1035568	af854a3a-2127-422b-91ae-364da2661108	N/A