CVE-2009-1288

IBM Advanced Management Module - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Henri Lindberg · textwebappsmultiple

https://www.exploit-db.com/exploits/32894

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Henri Lindberg · textwebappsmultiple

https://www.exploit-db.com/exploits/32895

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/502582/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/53658

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34447

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1022025

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/53657

Vendor Advisory x_refsource_misc

http://www.louhinetworks.fi/advisory/ibm_090409.txt

Scores

EPSS 0.1126

EPSS Percentile 93.5%

Details

CWE

CWE-79

Status published

Products (19)

ibm/advanced_management_module 1.36h

ibm/bladecenter e (3 CPE variants)

ibm/bladecenter h (2 CPE variants)

ibm/bladecenter hc10

ibm/bladecenter hs12 (3 CPE variants)

ibm/bladecenter hs20

ibm/bladecenter hs21 (2 CPE variants)

ibm/bladecenter hs21_xm (2 CPE variants)

ibm/bladecenter ht (2 CPE variants)

ibm/bladecenter js12

... and 9 more

Published Apr 13, 2009

Tracked Since Feb 18, 2026