A cross-site scripting vulnerability exists in IBM Sterling Partner Engagement Manager, an automation management tool from IBM. IBM Sterling Partner Engagement Manager stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI to alter the intended functionality, potentially leading to credential disclosure in a trusted session.