Vulnerability Details : CVE-2009-1288
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2009-1288
- cpe:2.3:a:ibm:advanced_management_module:1.36h:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:e:*:1881:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:s:*:8886:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:t:*:8730:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs12:*:8014:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs12:*:1916:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:ls20:*:8850:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:ls21:*:7971:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:ls41:*:7972:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:ht:*:8750:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:h:*:8852:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:js21:*:7988:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:js21:*:8844:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs21:*:8853:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs21:*:1885:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:h:*:7989:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:s:*:1948:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:js22:*:7998:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hc10:*:7996:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs21_xm:*:7995:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs21_xm:*:1915:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:e:*:7967:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:e:*:8677:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:ht:*:8740:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:t:*:8720:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:js12:*:7998:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs12:*:8028:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:hs20:*:1883:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:qs21:*:0792:*:*:*:*:*
- cpe:2.3:h:ibm:bladecenter:qs22:*:0793:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1288
- 0.24%: Probability of exploitation activity in the next 30 days
- ~ 61%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1288
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2009-1288
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1288