Cross-Site Scripting Vulnerabilities in IBM BladeCenter Advanced Management Module
CVE-2009-1288

Currently unrated

Key Information:

Vendor: IBM
Status: Advanced Management Module; Bladecenter
Vendor: CVE Published:; 13 April 2009

Summary

The Advanced Management Module (AMM) of the IBM BladeCenter, including the BladeCenter H, is susceptible to multiple cross-site scripting (XSS) vulnerabilities. These flaws enable remote attackers to inject arbitrary web scripts or HTML content, specifically through the username during login actions and via the PATH parameter in private/file_management.ssi within the file manager. Successful exploitation of these vulnerabilities can lead to malicious actions executed on behalf of unsuspecting users.

References

http://www.securityfocus.com/archive/1/502582/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://osvdb.org/53658

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/34447

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 13, 2009
Vulnerability Reserved
Apr 13, 2009