CVE-2018-1513

MEDIUM

IBM Sterling B2B Integrator 5.2.0-5.2.6 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1513. PoCs published by Vikas Khanna.

AI-analyzed exploit summary This is a technical writeup detailing a persistent XSS vulnerability in IBM Sterling B2B Integrator. It describes the steps to exploit the vulnerability by injecting malicious payloads into the 'fname' and 'lname' parameters, which are then rendered in the Performance Tuning module.

Description

IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Vikas Khanna · textwebappsmultiple

https://www.exploit-db.com/exploits/45190

View Code ZIP pw:eip

This is a technical writeup detailing a persistent XSS vulnerability in IBM Sterling B2B Integrator. It describes the steps to exploit the vulnerability by injecting malicious payloads into the 'fname' and 'lname' parameters, which are then rendered in the Performance Tuning module.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Auth required

Prerequisites: Access to IBM Sterling B2B Integrator · Privileges to modify user account details · Access to the Performance Tuning module

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/141551

Vendor Advisory x_refsource_confirm

http://www.ibm.com/support/docview.wss?uid=ibm10717031

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104910

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45190/

Scores

CVSS v3 5.4

EPSS 0.0294

EPSS Percentile 85.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

ibm/sterling_b2b_integrator 5.2 - 5.2.6

Published Jul 23, 2018

Tracked Since Feb 18, 2026