4.3
CVE-2010-2654
- EPSS 3.44%
- Veröffentlicht 08.07.2010 12:54:47
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Advanced Management Module Updatel Version <= 2.48
Ibm ≫ Advanced Management Module Updateg Version <= 3.54
Ibm ≫ Advanced Management Module Version1.00
Ibm ≫ Advanced Management Module Version1.01
Ibm ≫ Advanced Management Module Version1.20
Ibm ≫ Advanced Management Module Version1.20 Updatef
Ibm ≫ Advanced Management Module Version1.25
Ibm ≫ Advanced Management Module Version1.25 Updatee
Ibm ≫ Advanced Management Module Version1.25 Updatei
Ibm ≫ Advanced Management Module Version1.26 Updateb
Ibm ≫ Advanced Management Module Version1.26 Updatee
Ibm ≫ Advanced Management Module Version1.26 Updateh
Ibm ≫ Advanced Management Module Version1.26 Updatei
Ibm ≫ Advanced Management Module Version1.26 Updatek
Ibm ≫ Advanced Management Module Version1.28 Updateg
Ibm ≫ Advanced Management Module Version1.32 Updated
Ibm ≫ Advanced Management Module Version1.34 Updateb
Ibm ≫ Advanced Management Module Version1.34 Updatee
Ibm ≫ Advanced Management Module Version1.36 Updated
Ibm ≫ Advanced Management Module Version1.36 Updateg
Ibm ≫ Advanced Management Module Version1.36 Updateh
Ibm ≫ Advanced Management Module Version1.36 Updatek
Ibm ≫ Advanced Management Module Version1.42 Updated
Ibm ≫ Advanced Management Module Version1.42 Updatef
Ibm ≫ Advanced Management Module Version1.42 Updatei
Ibm ≫ Advanced Management Module Version1.42 Updaten
Ibm ≫ Advanced Management Module Version1.42 Updateo
Ibm ≫ Advanced Management Module Version1.42 Updatet
Ibm ≫ Advanced Management Module Version2.46 Updatec
Ibm ≫ Advanced Management Module Version2.46 Updatej
Ibm ≫ Advanced Management Module Version2.48 Updatec
Ibm ≫ Advanced Management Module Version2.48 Updated
Ibm ≫ Advanced Management Module Version2.48 Updateg
Ibm ≫ Advanced Management Module Version2.48 Updaten
Ibm ≫ Advanced Management Module Version2.50 Updatec
Ibm ≫ Advanced Management Module Version2.50 Updateg
Ibm ≫ Advanced Management Module Version2.50 Updatek
Ibm ≫ Advanced Management Module Version2.50 Updatep
Ibm ≫ Advanced Management Module Version3.54 Updated
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.44% | 0.863 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.