Medium severity 6.1 · NVD Advisory · Published May 19, 2021 · Updated Jun 17, 2026
CVE-2021-31930
Description
Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When a privileged user attempts to delete the account, the XSS payload will be executed.
Affected products
- Concerto/Concerto (description)
Patches
Vulnerability mechanics
References
- github.com/concerto/concerto/pull/1558 (nvd, Third Party Advisory)
- github.com/concerto/concerto/security/advisories (nvd, Third Party Advisory)