IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Sterling Partner Engagement Manager, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI.