cbcvebase.
CVE-2012-2172
published 2012-06-22

CVE-2012-2172: Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18…

PriorityP423medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.63%
73.2th percentile
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.

Affected

20 ranges
VendorProductVersion rangeFixed in
ibmds4100
ibmds4200
ibmds4300
ibmds4400
ibmds4500
ibmds4700
ibmds4800
ibmds_storage_manager_host_software<= 10.83
ibmds_storage_manager_host_software
ibmds_storage_manager_host_software
ibmsystem_storage_dcs3700_storage_subsystem
ibmsystem_storage_ds3200
ibmsystem_storage_ds3300
ibmsystem_storage_ds3400
ibmsystem_storage_ds3512
ibmsystem_storage_ds3524
ibmsystem_storage_ds3950_express
ibmsystem_storage_ds5020_disk_controller
ibmsystem_storage_ds5100_storage_controller
ibmsystem_storage_ds5300_storage_controller
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.