CVE-2012-2172

IBM DS Storage Manager Host Software < 10.83 - Cross-Site Scripting via SoftwareRegistration.do updateRegn Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2172. PoCs published by LiquidWorm.

AI-analyzed exploit summary The document describes SQL injection and XSS vulnerabilities in IBM System Storage DS Storage Manager Profiler 4.8.6, detailing affected parameters and providing proof-of-concept URLs for exploitation. It includes vendor coordination timeline and references to advisories.

Description

Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · textwebappswindows
https://www.exploit-db.com/exploits/19321

The document describes SQL injection and XSS vulnerabilities in IBM System Storage DS Storage Manager Profiler 4.8.6, detailing affected parameters and providing proof-of-concept URLs for exploitation. It includes vendor coordination timeline and references to advisories.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: IBM System Storage DS Storage Manager Profiler 4.8.6
No auth needed
Prerequisites: Network access to the vulnerable application
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

EPSS 0.0163
EPSS Percentile 73.4%

Details

CWE
CWE-79
Status published
Products (21)
ibm/ds4100
ibm/ds4100 1724
ibm/ds4200 1814
ibm/ds4300 1722
ibm/ds4400 1742
ibm/ds4500 1742
ibm/ds4700 1814
ibm/ds4800 1815
ibm/ds_storage_manager_host_software 10.8
ibm/ds_storage_manager_host_software 10.60.x5.14
... and 11 more
Published Jun 22, 2012
Tracked Since Feb 18, 2026