CVE-2010-2654
IBM BladeCenter AMM <4.7 and 5.0 - XSS
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Alexey Sintsov · textwebappsphp
https://www.exploit-db.com/exploits/14237
References (10)
Scores
EPSS
0.0344
EPSS Percentile
87.3%
Classification
CWE
CWE-79
Status
published
Affected Products (40)
ibm/advanced_management_module
< 2.48
ibm/advanced_management_module
< 3.54
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
ibm/advanced_management_module
... and 25 more
Timeline
Published
Jul 08, 2010
Tracked Since
Feb 18, 2026