CVE-2010-2654

IBM BladeCenter AMM <4.7 and 5.0 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2654. PoCs published by Alexey Sintsov.

AI-analyzed exploit summary The advisory details multiple vulnerabilities in IBM BladeCenter Management Module, including XSS, directory traversal, and unauthorized access. It provides specific exploit URLs and describes the impact of each vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Alexey Sintsov · textwebappsphp
https://www.exploit-db.com/exploits/14237

The advisory details multiple vulnerabilities in IBM BladeCenter Management Module, including XSS, directory traversal, and unauthorized access. It provides specific exploit URLs and describes the impact of each vulnerability.

Classification
Writeup 90%
Attack Type
Xss | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: IBM BladeCenter Management Module BPET48L and possibly other versions
Auth required
Prerequisites: Network access to the BladeCenter management interface · Authorization for directory listing vulnerability
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (10)

Core 10
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14237/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66125
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66128
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66130
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41383
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66127
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66129
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66122
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66126

Scores

EPSS 0.0228
EPSS Percentile 80.9%

Details

CWE
CWE-79
Status published
Products (16)
ibm/advanced_management_module 1.00
ibm/advanced_management_module 1.01
ibm/advanced_management_module 1.20 (2 CPE variants)
ibm/advanced_management_module 1.25 (3 CPE variants)
ibm/advanced_management_module 1.26 b (5 CPE variants)
ibm/advanced_management_module 1.28 g
ibm/advanced_management_module 1.32 d
ibm/advanced_management_module 1.34 b (2 CPE variants)
ibm/advanced_management_module 1.36 d (4 CPE variants)
ibm/advanced_management_module 1.42 d (6 CPE variants)
... and 6 more
Published Jul 08, 2010
Tracked Since Feb 18, 2026