3 matches found
CVE-2021-31930
Persistent cross-site scripting XSS in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When a privileged user attempts to delete the...
CVE-2021-31930
The CVE-2021-31930 issue affects Concerto (web interface) up to version 2.3.6. The vulnerability is a persistent cross-site scripting (XSS) flaw where an unauthenticated attacker can inject arbitrary JavaScript via the First Name or Last Name fields during user registration. The payload is execut...
CVE-2021-31930
Persistent cross-site scripting XSS in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When a privileged user attempts to delete the...