Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware prior to 1.20.20.23447 allow remote malicious users to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm global console manager 16 firmware |
||
ibm global console manager 32 firmware |