CVE-2010-2654 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L and possibly other versions before 4.7 and 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php (3) the domain parameter to private/power_management_policy_options.php the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php (6) the WEBINDEX parameter to private/blade_leds.php or (7) the SLOT parameter to private/ipmi_bladestatus.php.
Reference
http://dsecrg.com/pages/vul/show.php?id=154 http://osvdb.org/66122 http://osvdb.org/66125 http://osvdb.org/66126 http://osvdb.org/66127 http://osvdb.org/66128 http://osvdb.org/66129 http://osvdb.org/66130 http://www.exploit-db.com/exploits/14237/ http://www.securityfocus.com/bid/41383
Share on: