8 matches found
CVE-2026-25739
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...
CVE-2026-25739
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...
CVE-2026-25739 Indico affected by Cross-Site-Scripting via material uploads
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...
CVE-2026-25739
CVE-2026-25739 is reserved with no public details in the Initial document, but a connected advisory (GHSA-JXC4-54G3-J7VP) indicates a Cross‑Site Scripting (XSS) vulnerability in Indico related to uploading materials. The issue occurs when certain file types are uploaded as materials, enabling XSS...
CVE-2026-25739 Indico affected by Cross-Site-Scripting via material uploads
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...
CVE-2026-25739 Indico affected by Cross-Site-Scripting via material uploads
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...
Indico Affected by Cross-Site-Scripting via material uploads
Impact There is a Cross-Site-Scripting vulnerability when uploading certain file types as materials. Patches You should to update to Indico 3.3.10 as soon as possible. See the docs for instructions on how to update. Please be aware that to apply the fix itself updating is sufficient, but to benef...
GHSA-JXC4-54G3-J7VP Indico Affected by Cross-Site-Scripting via material uploads
Impact There is a Cross-Site-Scripting vulnerability when uploading certain file types as materials. Patches You should to update to Indico 3.3.10 as soon as possible. See the docs for instructions on how to update. Please be aware that to apply the fix itself updating is sufficient, but to benef...