CVE-2010-2654

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
ibmadvanced_management_module
𝑥
≤ 2.48
ibmadvanced_management_module
𝑥
≤ 3.54
ibmadvanced_management_module
1.00
ibmadvanced_management_module
1.01
ibmadvanced_management_module
1.20
ibmadvanced_management_module
1.20:f
ibmadvanced_management_module
1.25
ibmadvanced_management_module
1.25:e
ibmadvanced_management_module
1.25:i
ibmadvanced_management_module
1.26:b
ibmadvanced_management_module
1.26:e
ibmadvanced_management_module
1.26:h
ibmadvanced_management_module
1.26:i
ibmadvanced_management_module
1.26:k
ibmadvanced_management_module
1.28:g
ibmadvanced_management_module
1.32:d
ibmadvanced_management_module
1.34:b
ibmadvanced_management_module
1.34:e
ibmadvanced_management_module
1.36:d
ibmadvanced_management_module
1.36:g
ibmadvanced_management_module
1.36:h
ibmadvanced_management_module
1.36:k
ibmadvanced_management_module
1.42:d
ibmadvanced_management_module
1.42:f
ibmadvanced_management_module
1.42:i
ibmadvanced_management_module
1.42:n
ibmadvanced_management_module
1.42:o
ibmadvanced_management_module
1.42:t
ibmadvanced_management_module
2.46:c
ibmadvanced_management_module
2.46:j
ibmadvanced_management_module
2.48:c
ibmadvanced_management_module
2.48:d
ibmadvanced_management_module
2.48:g
ibmadvanced_management_module
2.48:n
ibmadvanced_management_module
2.50:c
ibmadvanced_management_module
2.50:g
ibmadvanced_management_module
2.50:k
ibmadvanced_management_module
2.50:p
ibmadvanced_management_module
3.54:d
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dsecrg.com/pages/vul/show.php?id=154
http://osvdb.org/66122
http://osvdb.org/66125
http://osvdb.org/66126
http://osvdb.org/66127
http://osvdb.org/66128
http://osvdb.org/66129
http://osvdb.org/66130
http://www.exploit-db.com/exploits/14237/
http://www.securityfocus.com/bid/41383
http://dsecrg.com/pages/vul/show.php?id=154
http://osvdb.org/66122
http://osvdb.org/66125
http://osvdb.org/66126
http://osvdb.org/66127
http://osvdb.org/66128
http://osvdb.org/66129
http://osvdb.org/66130
http://www.exploit-db.com/exploits/14237/
http://www.securityfocus.com/bid/41383