Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
2009-04-13T16:30:00.437
2025-04-09T00:30:58.490
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | advanced_management_module | 1.36h | Yes |
| Hardware | ibm | bladecenter | e | Yes |
| Hardware | ibm | bladecenter | e | Yes |
| Hardware | ibm | bladecenter | e | Yes |
| Hardware | ibm | bladecenter | h | Yes |
| Hardware | ibm | bladecenter | h | Yes |
| Hardware | ibm | bladecenter | hc10 | Yes |
| Hardware | ibm | bladecenter | hs12 | Yes |
| Hardware | ibm | bladecenter | hs12 | Yes |
| Hardware | ibm | bladecenter | hs12 | Yes |
| Hardware | ibm | bladecenter | hs20 | Yes |
| Hardware | ibm | bladecenter | hs21 | Yes |
| Hardware | ibm | bladecenter | hs21 | Yes |
| Hardware | ibm | bladecenter | hs21_xm | Yes |
| Hardware | ibm | bladecenter | hs21_xm | Yes |
| Hardware | ibm | bladecenter | ht | Yes |
| Hardware | ibm | bladecenter | ht | Yes |
| Hardware | ibm | bladecenter | js12 | Yes |
| Hardware | ibm | bladecenter | js21 | Yes |
| Hardware | ibm | bladecenter | js21 | Yes |
| Hardware | ibm | bladecenter | js22 | Yes |
| Hardware | ibm | bladecenter | ls20 | Yes |
| Hardware | ibm | bladecenter | ls21 | Yes |
| Hardware | ibm | bladecenter | ls41 | Yes |
| Hardware | ibm | bladecenter | qs21 | Yes |
| Hardware | ibm | bladecenter | qs22 | Yes |
| Hardware | ibm | bladecenter | s | Yes |
| Hardware | ibm | bladecenter | s | Yes |
| Hardware | ibm | bladecenter | t | Yes |
| Hardware | ibm | bladecenter | t | Yes |