CVE-2009-0307

{"id": "CVE-2009-0307", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-04-22T18:30:00.170", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0170.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/53772", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34740", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.blackberry.com/btsc/dynamickc.do?externalId=KB17969&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB17969", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/34573", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1022081", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1090", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"Customize Statistics Page\" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) before 4.1.6 MR5 allows remote attackers to inject arbitrary web script or HTML via the (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, and (11) referenceTime parameters."}, {"lang": "es", "value": "Una Vulnerabilidad de tipo Cross-Site Scripting (XSS) en la \"Customize Statistics Page\" (admin/statistics/ConfigureStatistics) en el servicio de conexi\u00f3n MDS en Research in Motion (RIM) BlackBerry Enterprise Server (BES) anterior a versi\u00f3n 4.1.6 MR5 permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) customDate, (2) interval, (3) lastCustomInterval, (4) lastIntervalLength, (5) nextCustomInterval, (6) nextIntervalLength, (7) action, (8) delIntervalIndex, (9) addStatIndex, (10) delStatIndex, y (11) referenceTime."}], "lastModified": "2009-04-28T05:37:41.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:*:mr4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1200C916-4168-49E6-A0F4-665F6A5954F6", "versionEndIncluding": "4.1.6"}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B7A2FFD-C840-459C-95C2-92FEDF341D5E"}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E297652-3533-4B2B-BA9E-FDC452BAE650"}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B51FB6C5-1EA2-451E-A89B-9CE5EE3F8626"}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4ACEF3E-E394-45E2-B20F-8575C92A490F"}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F71618E-5CB6-41A7-9705-6AD4344CDEA6"}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4BD344A-EE9C-4ECB-8CB1-35146FD6F056"}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1694E42-9AA5-4503-9714-CBDE388481A5"}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F378AF-E25B-4D60-AF7E-9E6FB228BF1B"}, {"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "265D8F90-96C3-4627-ABA5-994C25F70A45"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}