3 matches found
CVE-2023-37901
creationtimestamp| type| source ---|---|--- 2023-07-21 22:23:42+00:00| seen| https://t.me/cibsecurity/67108...
CVE-2023-37901 Cross-Site-Scripting via confirmation prompts
Indico is an open source a general-purpose, web based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges such as a speaker and then someone...
CVE-2023-37901
CVE-2023-37901 describes a Cross‑Site Scripting vulnerability in Indico’s confirmation prompts used when deleting content. Exploitation requires at least a submission privilege (e.g., a speaker) and a second user to attempt deletion, with risk heightened by social engineering. The affected softwa...