CVE-2014-3080

Currently unrated

Key Information:

Vendor: IBM
Status: Global Console Manager 32 Firmware; Global Console Manager 16 Firmware
Vendor: CVE Published:; 17 August 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php.

References

http://packetstormsecurity.com/files/127543/IBM-1754-GCM-...

x_refsource_MISC

http://www.securityfocus.com/bid/68777

vdb-entryx_refsource_BID

http://www.exploit-db.com/exploits/34132/

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
Aug 17, 2014
Vulnerability Reserved
Apr 29, 2014