CVE-2009-1288
Published 2009-04-13

Priority: P4 (21), medium. CVSS 2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N (network-reachable, medium complexity, no authentication; partial integrity impact only).
Exploit: public exploit code indexed (see the Exploit-DB entries below).
EPSS: 1.76% (75.3rd percentile).

Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
Affected
19 ranges are listed; they collapse to the two distinct vendor/product pairs below, and the record gives no version bounds or fixed versions for any of them.

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | advanced_management_module | — | — |
| ibm | bladecenter | — | — |
No detection rules found.
Exploit-DB
IBM Bladecenter Advanced Management Module 1.42 - Login 'Username' Cross-Site Scripting
exploitdb · 2009-04-09 · CVE-2009-1288
---
source: https://www.securityfocus.com/bid/34447/info
IBM BladeCenter Advanced Management Module is prone to the following remote vulnerabilities:
- An HTML-injection vulnerability
- A cross-site scripting vulnerability
- An information-disclosure vulnerability
- Multiple cross-site request-forgery vulnerabilities
An attacker can exploit these issues to obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and perform actions as an authenticated user of the application. Other attacks are also possible.
Versions prior to BladeCenter Advanced Management Module 1.42U are vulnerable.
For the HTML-injection issue:
username:
Exploit-DB
IBM Bladecenter Advanced Management Module 1.42 - '/private/file_Management.ssi?PATH' Cross-Site Scripting
exploitdb · 2009-04-09 · CVE-2009-1288
---
source: https://www.securityfocus.com/bid/34447/info
(Advisory text identical to the entry above.)
http://example.com/private/file_management
No writeups or analysis indexed.
References
- http://osvdb.org/53657
- http://osvdb.org/53658
- http://securitytracker.com/id?1022025
- http://www.louhinetworks.fi/advisory/ibm_090409.txt
- http://www.securityfocus.com/archive/1/502582/100/0/threaded
- http://www.securityfocus.com/bid/34447