4 matches found
Cross-site Scripting (XSS)
Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Cross-site Scripting XSS when rendering LaTeX math code in contribution and abstract description sections. Details Cross-site scripting or XSS is a code...
GHSA-7CF7-9WRR-VRF4 Indico vulnerable to Cross-Site Scripting via LaTeX math code
Impact There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds Only let trustworthy users create content on...
CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as...
CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as...