CVE-2009-1288

Name of the Vulnerable Software and Affected Versions IBM BladeCenter Advanced Management Module (AMM) (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via two methods: (1) the username in a login action, or (2) the PATH parameter to "private/file management.ssi" in the File manager.

Recommendations For the IBM BladeCenter Advanced Management Module (AMM), consider restricting access to the login functionality and the File manager until a fix is available. As a temporary workaround, avoid using the username field in login actions and the PATH parameter in "private/file management.ssi" to minimize the risk of exploitation.