{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-06-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"}, {"name": "ssds-multiple-mp-xss(75239)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2172", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt", "refsource": "MISC", "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"}, {"name": "ssds-multiple-mp-xss(75239)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"}, {"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172", "refsource": "CONFIRM", "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:08.416Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"}, {"name": "ssds-multiple-mp-xss(75239)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2172", "datePublished": "2012-06-22T10:00:00.000Z", "dateReserved": "2012-04-04T00:00:00.000Z", "dateUpdated": "2024-08-06T19:26:08.416Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3019D7A-C9A4-48D9-BAE9-E03ED79A184F", "versionEndIncluding": "10.83", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*", "matchCriteriaId": "52489840-0CBD-4B10-AA5C-77FBD52D2A24", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*", "matchCriteriaId": "9752934B-9CFD-4233-885A-63F80F0B2766", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*", "matchCriteriaId": "A70E5F14-9F22-4263-B9E2-5CADBCE1BE52", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*", "matchCriteriaId": "CE202F3C-2971-492B-9263-4EEEA5762592", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*", "matchCriteriaId": "5BC0E7FA-32C0-4C26-AE27-9500E674847B", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*", "matchCriteriaId": "2A9D7E15-763E-4443-81DA-94418D5643E1", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*", "matchCriteriaId": "CF34B72A-9608-4883-A2A2-629125D163B2", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*", "matchCriteriaId": "03D296A9-E67C-449E-B774-FF20A8333187", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*", "matchCriteriaId": "75BC52EE-EB60-4C18-9987-36CAE56F67D5", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*", "matchCriteriaId": "38291A79-ED22-45ED-80B1-B98F2F92BA66", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC1691-A4B4-4AE4-A19C-BA2FDF0C28E7", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*", "matchCriteriaId": "B78F6585-8890-477B-AA4F-1A4092DD6F43", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*", "matchCriteriaId": "69A41183-73AA-4148-90E8-2D34A70E4A9C", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*", "matchCriteriaId": "9A509484-6D73-4F0F-B996-94EF58E36010", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*", "matchCriteriaId": "48750AB0-08B3-4A60-8102-7BEFB985FB1F", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*", "matchCriteriaId": "CDF9BE45-D6D6-410E-BABB-A834D33A52A8", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*", "matchCriteriaId": "CA4ABA37-8B79-414F-9510-458DF0C1064C", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*", "matchCriteriaId": "7D7EA1B8-EC32-444B-9485-F6EFE1B6DD20", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*", "matchCriteriaId": "979FD97C-0E37-43C9-AB2F-F79FCE15D135", "vulnerable": true}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*", "matchCriteriaId": "3BAC221F-B825-418F-BE80-BB7A074E346F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en SoftwareRegistration.do en Storage Manager Profiler en IBM System Storage DS Storage Manager antes de v10.83.xx.18 en dispositivos de la Serie DS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro updateRegn."}], "id": "CVE-2012-2172", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-06-22T10:24:07.003", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"}, {"source": "psirt@us.ibm.com", "tags": ["Exploit"], "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}