Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1288 — Cross-site Scripting in IBM Advanced Management Module

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

11.3%

top 6.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Advanced Management Module IBM Bladecenter

Timeline

PublishedApr 13

Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/advanced_management_module1.36h

▶NVDibm/bladecenter18 versions+17

🔴Vulnerability Details

GHSA

GHSA-9fgx-9cxg-qj43: Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with B↗2022-05-02

▶

CVEList

CVE-2009-1288: Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with B↗2009-04-13

▶

💥Exploits & PoCs

Exploit-DB

IBM Bladecenter Advanced Management Module 1.42 - Login 'Username' Cross-Site Scripting↗2009-04-09

▶

Exploit-DB

IBM Bladecenter Advanced Management Module 1.42 - '/private/file_Management.ssi?PATH' Cross-Site Scripting↗2009-04-09

▶