Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2654Cross-site Scripting in IBM Advanced Management Module

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
3.4%
top 12.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Advanced Management Module
Timeline
PublishedJul 8
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to pr

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-57qh-96v2-9frp: Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possib2022-05-17
CVEList
CVE-2010-2654: Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possib2010-07-07

💥Exploits & PoCs

1
Exploit-DB
IBM Bladecenter Management - Multiple Web Application Vulnerabilities2010-07-06
CVE-2010-2654 — Cross-site Scripting in IBM | cvebase