CVE-2009-1288

IBM Advanced Management Module - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Henri Lindberg · textwebappsmultiple
https://www.exploit-db.com/exploits/32894
exploitdb WRITEUP VERIFIED
by Henri Lindberg · textwebappsmultiple
https://www.exploit-db.com/exploits/32895

References (6)

Scores

EPSS 0.1126
EPSS Percentile 93.4%

Classification

CWE
CWE-79
Status published

Affected Products (31)

ibm/advanced_management_module
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
ibm/bladecenter
... and 16 more

Timeline

Published Apr 13, 2009
Tracked Since Feb 18, 2026