CVE-2012-2172

IBM DS Storage Manager Host Software < 10.83 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappswindows

https://www.exploit-db.com/exploits/19321

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/75239

Vendor Advisory x_refsource_confirm

http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172

Scores

EPSS 0.1419

EPSS Percentile 94.5%

Details

CWE

CWE-79

Status published

Products (21)

ibm/ds4100

ibm/ds4100 1724

ibm/ds4200 1814

ibm/ds4300 1722

ibm/ds4400 1742

ibm/ds4500 1742

ibm/ds4700 1814

ibm/ds4800 1815

ibm/ds_storage_manager_host_software 10.8

ibm/ds_storage_manager_host_software 10.60.x5.14

... and 11 more

Published Jun 22, 2012

Tracked Since Feb 18, 2026