CVE-2017-3890 — Cross-site Scripting in Appliance-x

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 47.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Blackberry Appliance-x Blackberry Workspaces Vapp

Timeline

PublishedJan 13

Latest updateMay 13

Description

A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDblackberry/appliance-x1.8.1

▶NVDblackberry/workspaces_vapp4.6.0, 5.4.1+1

🔴Vulnerability Details

GHSA

GHSA-qcvc-wwjh-qq3h: A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1↗2022-05-13

▶

CVEList

CVE-2017-3890: A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1↗2017-01-13

▶