CVE-2023-40693

CVE-2023-40693 affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (versions 6.1.0.0–6.1.2.7_2; 6.2.0.0–6.2.0.5_1; 6.2.1.0–6.2.1.1_1). The vulnerability is cross-site scripting (XSS) in the Web UI, allowing embedding of arbitrary JavaScript code and potentially leading to credential...

CVE-2025-14504

CVE-2025-14504 affects IBM Sterling B2B Integrator and IBM Sterling File Gateway across multiple release lines: 6.1.0.0–6.1.2.7_2, 6.2.0.0–6.2.0.5_1, 6.2.1.0–6.2.1.1_1, and 6.2.2.0. The issue is a cross-site scripting (XSS) vulnerability that allows an authenticated user to inject arbitrary JavaS...

CVE-2025-14504 IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering...

CVE-2026-0835

CVE-2026-0835 affects IBM Sterling B2B Integrator and IBM Sterling File Gateway across multiple versions (6.1.0.0–6.1.2.7_2; 6.2.0.0–6.2.0.5_1; 6.2.1.0–6.2.1.1_1; 6.2.2.0). The issue is a cross-site scripting vulnerability that allows an authenticated user to embed arbitrary JavaScript in the Web...

CVE-2026-0835

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alterin...

CVE-2026-0835

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alterin...

CVE-2025-13702 IBM Sterling Partner Engagement Manager Cross-Site Scripting

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2026-3927

An incorrect security ui flaw was found in the PictureInPicture component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=474948986...

PT-2026-25352

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7 2, 6.2.0.0 through 6.2.0.5 1, 6.2.1.0 through 6.2.1.1 1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus...

IBM Sterling B2B Integrator和IBM Sterling File Gateway 跨站脚本漏洞

IBM Sterling B2B Integrator and IBM Sterling File Gateway are both products of International Business Machines IBM. IBM Sterling B2B Integrator is a software suite that integrates critical B2B processes, transactions, and relationships. This software supports secure integration of complex B2B...

PT-2026-25361

🚨 CVE-2023-40693 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7 2, and 6.2.0.0 through 6.2.0.5 1, 6.2.1.0 through 6.2.1.1 1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the...

PT-2026-25345

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

Fedora 44 : chromium (2026-6e868c481c)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6e868c481c advisory. Update to 146.0.7680.71 CVE-2026-3913: Heap buffer overflow in WebML CVE-2026-3914: Integer overflow in WebML CVE-2026-3915: Heap buffer overflow in...

CVE-2026-31873 Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to XSS security vulnerability in the dashboard UI (CVE-2023-40693)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the XSS security vulnerability Vulnerability Details CVEID:CVE-2023-40693 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed...

EUVD-2026-11448

Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

EUVD-2026-11474

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-11460

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-11464

Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-11442

Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...