CVE-2010-2654

IBM BladeCenter AMM <4.7 and 5.0 - XSS

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Alexey Sintsov · textwebappsphp
https://www.exploit-db.com/exploits/14237

References (10)

Core 10
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14237/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66125
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66128
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66130
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41383
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66127
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66129
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66122
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66126

Scores

EPSS 0.0344
EPSS Percentile 87.5%

Details

CWE
CWE-79
Status published
Products (16)
ibm/advanced_management_module 1.00
ibm/advanced_management_module 1.01
ibm/advanced_management_module 1.20 (2 CPE variants)
ibm/advanced_management_module 1.25 (3 CPE variants)
ibm/advanced_management_module 1.26 b (5 CPE variants)
ibm/advanced_management_module 1.28 g
ibm/advanced_management_module 1.32 d
ibm/advanced_management_module 1.34 b (2 CPE variants)
ibm/advanced_management_module 1.36 d (4 CPE variants)
ibm/advanced_management_module 1.42 d (6 CPE variants)
... and 6 more
Published Jul 08, 2010
Tracked Since Feb 18, 2026