Medium severity6.1NVD Advisory· Published Apr 13, 2017· Updated Jun 17, 2026
CVE-2016-1915
CVE-2016-1915
Description
Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:blackberry:blackberry_enterprise_service:*:*:*:*:*:*:*:*Range: <=12.3.1
- Range: <12.4
Patches
Vulnerability mechanics
References
5- support.blackberry.com/kb/articleDetailnvdPatchVendor Advisory
- security-assessment.com/files/documents/advisory/Blackberry%20BES12%20Self-Service%20Multiple%20Vulnerabilities.pdfnvdExploitThird Party Advisory
- seclists.org/fulldisclosure/2016/Feb/95nvdMailing ListThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1035095nvd
- www.exploit-db.com/exploits/39481/nvd
News mentions
0No linked articles in our index yet.