CVE-2013-5406

{"id": "CVE-2013-5406", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-21T14:22:56.893", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96055", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/64446", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87355", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96055", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/64446", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87355", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades cross-site scripting (XSS) en IBM Sterling B2B Integrator 5.2 y Sterling File Gateway 2.2 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a trav\u00e9s de par\u00e1metros no especificados, llevando a una interacci\u00f3n inapropiada con el manejador de protocolo Windows MHTML."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1554D69E-D68E-46CA-B1F7-C24CAABF58E8"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}