CVE-2016-1915

Multiple cross-site scripting XSS vulnerabilities in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to 1 mydevice/index.jsp or 2 mydevice/loggedOut.jsp...