Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote malicious users to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm advanced_management_module 1.36h |
||
ibm bladecenter e |
||
ibm bladecenter s |
||
ibm bladecenter t |
||
ibm bladecenter hs12 |
||
ibm bladecenter ls20 |
||
ibm bladecenter ls21 |
||
ibm bladecenter ls41 |
||
ibm bladecenter ht |
||
ibm bladecenter h |
||
ibm bladecenter js21 |
||
ibm bladecenter hs21 |
||
ibm bladecenter js22 |
||
ibm bladecenter hc10 |
||
ibm bladecenter hs21_xm |
||
ibm bladecenter js12 |
||
ibm bladecenter hs20 |
||
ibm bladecenter qs21 |
||
ibm bladecenter qs22 |