IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Fixes

Solution

IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Concert Software 2.0.0 Download IBM Concert Software 2.0.0 from Container software library section of IBM Entitled Registry ( ICR https://myibm.ibm.com/products-services/containerlibrary ) and follow installation instructions https://www.ibm.com/docs/en/concert  depending on the type of deployment.


Workaround

No workaround given by the vendor.

History

Wed, 03 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*

Tue, 02 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Sep 2025 14:45:00 +0000

Type Values Removed Values Added
Description IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title IBM Concert Software cross-site scripting
First Time appeared Ibm
Ibm concert
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:concert:1.1.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm concert
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-09-02T20:24:24.372Z

Reserved: 2025-04-15T17:50:20.369Z

Link: CVE-2025-33083

cve-icon Vulnrichment

Updated: 2025-09-02T20:24:14.021Z

cve-icon NVD

Status : Analyzed

Published: 2025-09-01T15:15:34.640

Modified: 2025-09-03T16:05:02.183

Link: CVE-2025-33083

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.