CVEs-PoC/2021/CVE-2021-20562.md
2025-09-29 21:09:30 +02:00

### [CVE-2021-20562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20562)
![](https://img.shields.io/static/v1?label=Product&message=Sterling%20B2B%20Integrator&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.2.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.2.6.5_3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.1.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.1.0.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brightgreen)
### Description
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232.
### POC
#### Reference
- http://packetstormsecurity.com/files/164782/IBM-Sterling-B2B-Integrator-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2021/Nov/16
#### Github
No PoCs found on GitHub currently.