Vulnerability Details : CVE-2013-5405
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2013-5405
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 42 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-5405
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2013-5405
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5405
-
http://www-01.ibm.com/support/docview.wss?uid=swg21657539
IBM Security Bulletin: Vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2013-4002, CVE-2013-5409, CVE-2013-5405, CVE-2013-5406, CVE-2013-5407, CVE-2013-5411, CVE
-
http://www.securityfocus.com/bid/64443
IBM Sterling B2B Integrator and Sterling File Gateway Unspecified Cross Site Scripting Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/87354
IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting CVE-2013-5405 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96053
IBM IC96053: Cross-Site Scripting Security Vulnerability
Products affected by CVE-2013-5405
- cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*