CVE-2012-2172
IBM DS Storage Manager Host Software < 10.83 - Cross-Site Scripting via SoftwareRegistration.do updateRegn Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2172. PoCs published by LiquidWorm.
AI-analyzed exploit summary The document describes SQL injection and XSS vulnerabilities in IBM System Storage DS Storage Manager Profiler 4.8.6, detailing affected parameters and providing proof-of-concept URLs for exploitation. It includes vendor coordination timeline and references to advisories.
Description
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.
Exploits (1)
The document describes SQL injection and XSS vulnerabilities in IBM System Storage DS Storage Manager Profiler 4.8.6, detailing affected parameters and providing proof-of-concept URLs for exploitation. It includes vendor coordination timeline and references to advisories.