CVE-2018-1563

MEDIUM

IBM Sterling B2B Integrator 5.2.0.1-5.2.6.2 and Sterling File Gateway 2.2.0-2.2.5 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1563. PoCs published by Vikas Khanna.

AI-analyzed exploit summary: This is a technical writeup detailing a persistent XSS vulnerability in IBM Sterling B2B Integrator. It describes the steps to exploit the vulnerability by injecting malicious payloads into the 'fname' and 'lname' parameters, which are then rendered in the Performance Tuning module.

Description

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Vikas Khanna · text · webapps · multiple
https://www.exploit-db.com/exploits/45190

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3
Auth required
Prerequisites: Access to IBM Sterling B2B Integrator · Privileges to modify user account details · Access to the Performance Tuning module
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=ibm10717031
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104910
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/142967
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45190/

Scores

CVSS v3 5.4
EPSS 0.0284
EPSS Percentile 84.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (2)
ibm/sterling_b2b_integrator 5.2.0.1 - 5.2.6.3
ibm/sterling_file_gateway 2.2.0 - 2.2.6
Published Jul 20, 2018
Tracked Since Feb 18, 2026