CVE-2025-36019

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0

Description The IBM Concert Z hub framework is susceptible to cross-site scripting. An unauthenticated attacker can inject arbitrary JavaScript code into the Web UI, potentially modifying the intended functionality and leading to credentials disclosure within a trusted session.

Recommendations Update to a version later than 2.1.0.