Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2009-1288

Published: 13/04/2009 Updated: 10/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Advanced Management Module

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote malicious users to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.

Vulnerable Product Search on Vulmon Subscribe to Product

ibm advanced_management_module 1.36h

ibm bladecenter e

ibm bladecenter s

ibm bladecenter t

ibm bladecenter hs12

ibm bladecenter ls20

ibm bladecenter ls21

ibm bladecenter ls41

ibm bladecenter ht

ibm bladecenter h

ibm bladecenter js21

ibm bladecenter hs21

ibm bladecenter js22

ibm bladecenter hc10

ibm bladecenter hs21_xm

ibm bladecenter js12

ibm bladecenter hs20

ibm bladecenter qs21

ibm bladecenter qs22

Exploits

Exploit DB: IBM Bladecenter Advanced Management Module 1.42 - '/private/file_Management.ssi?PATH' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/34447/info IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities: - An HTML-injection vulnerability - A cross-site scripting vulnerability - An information-disclosure vulnerability - Multiple cross-site request-forgery vulnerabilities An attacker can exploit these ...
Exploit DB: IBM Bladecenter Advanced Management Module 1.42 - Login 'Username' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/34447/info IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities: - An HTML-injection vulnerability - A cross-site scripting vulnerability - An information-disclosure vulnerability - Multiple cross-site request-forgery vulnerabilities An attacker can exploit these iss ...

References

CWE-79http://www.securityfocus.com/bid/34447http://securitytracker.com/id?1022025http://www.louhinetworks.fi/advisory/ibm_090409.txthttp://osvdb.org/53658http://osvdb.org/53657http://www.securityfocus.com/archive/1/502582/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/32895/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook