VDB

CVE-2025-13702

CVE-2025-13702 PUBLISHED CVSS 6.099999904632568 MEDIUM

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

EPSS 0.01% · 1.9th percentile

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.01%
1.9th percentile

Affected Products

VendorProductVersions
n/an/an/a
ibmsterling_partner_engagement_manager6.2.4, 6.2.3, 6.2.4
IBMSterling Partner Engagement Manager6.2.3.0, 6.2.4.0, 6.2.3.0

Timeline

  • Sep 12, 2017 PoC Published
  • Mar 13, 2026 CVE Published
  • Mar 13, 2026 PoC Published
  • Mar 14, 2026 EPSS Score
  • Mar 15, 2026 EPSS Score
  • Mar 16, 2026 EPSS Score
  • Mar 17, 2026 EPSS Score
  • Mar 18, 2026 EPSS Score
  • Mar 19, 2026 EPSS Score
  • Mar 20, 2026 EPSS Score
  • Mar 21, 2026 EPSS Score
  • Mar 22, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›