{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"Customize Statistics Page\" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-04-28T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1022081", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022081"}, {"name": "34573", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34573"}, {"name": "20090417 ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html"}, {"name": "34740", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34740"}, {"name": "53772", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/53772"}, {"name": "ADV-2009-1090", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1090"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0307", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the \"Customize Statistics Page\" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1022081", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022081"}, {"name": "34573", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34573"}, {"name": "20090417 ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html"}, {"name": "34740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34740"}, {"name": "53772", "refsource": "OSVDB", "url": "http://osvdb.org/53772"}, {"name": "ADV-2009-1090", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1090"}, {"name": "http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:31:25.613Z"}, "title": "CVE Program Container", "references": [{"name": "1022081", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022081"}, {"name": "34573", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34573"}, {"name": "20090417 ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html"}, {"name": "34740", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34740"}, {"name": "53772", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/53772"}, {"name": "ADV-2009-1090", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1090"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0307", "datePublished": "2009-04-22T18:00:00", "dateReserved": "2009-01-27T00:00:00", "dateUpdated": "2024-08-07T04:31:25.613Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:*:mr4:*:*:*:*:*:*", "matchCriteriaId": "1200C916-4168-49E6-A0F4-665F6A5954F6", "versionEndIncluding": "4.1.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B7A2FFD-C840-459C-95C2-92FEDF341D5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "8E297652-3533-4B2B-BA9E-FDC452BAE650", "vulnerable": true}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B51FB6C5-1EA2-451E-A89B-9CE5EE3F8626", "vulnerable": true}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4ACEF3E-E394-45E2-B20F-8575C92A490F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "9F71618E-5CB6-41A7-9705-6AD4344CDEA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4BD344A-EE9C-4ECB-8CB1-35146FD6F056", "vulnerable": true}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "B1694E42-9AA5-4503-9714-CBDE388481A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "16F378AF-E25B-4D60-AF7E-9E6FB228BF1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "265D8F90-96C3-4627-ABA5-994C25F70A45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"Customize Statistics Page\" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters."}, {"lang": "es", "value": "Una Vulnerabilidad de tipo Cross-Site Scripting (XSS) en la \"Customize Statistics Page\" (admin/statistics/ConfigureStatistics) en el servicio de conexi\u00f3n MDS en Research in Motion (RIM) BlackBerry Enterprise Server (BES) anterior a versi\u00f3n 4.1.6 MR5 permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, y (11) referenceTime."}], "id": "CVE-2009-0307", "lastModified": "2009-04-28T05:37:41.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-04-22T18:30:00.170", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/53772"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34740"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/34573"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022081"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1090"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}