Lucene search
+L

139 matches found

CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

Indico 代码问题漏洞

Indico is an open-source event management system with rich functionality. Versions of Indico prior to 3.3.10 had code-related vulnerabilities. These vulnerabilities stemmed from improper handling of URLs provided by users, which could lead to server-side request forgery attacks...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

Indico 跨站脚本漏洞

Indico is an open-source event management system with rich functionality. Versions of Indico prior to 3.3.10 had a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of certain file types during upload, which could lead to cross-site scripting attacks...

5.4CVSS5.6AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/17 6:54 p.m.4 views

Cross-site Scripting (XSS)

Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Cross-site Scripting XSS when uploading unspecified files as materials. Details Cross-site scripting or XSS is a code vulnerability that occurs when an...

5.4CVSS5.2AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 6:54 p.m.3 views

GHSA-JXC4-54G3-J7VP Indico Affected by Cross-Site-Scripting via material uploads

Impact There is a Cross-Site-Scripting vulnerability when uploading certain file types as materials. Patches You should to update to Indico 3.3.10 as soon as possible. See the docs for instructions on how to update. Please be aware that to apply the fix itself updating is sufficient, but to benef...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/17 6:54 p.m.7 views

Indico Affected by Cross-Site-Scripting via material uploads

Impact There is a Cross-Site-Scripting vulnerability when uploading certain file types as materials. Patches You should to update to Indico 3.3.10 as soon as possible. See the docs for instructions on how to update. Please be aware that to apply the fix itself updating is sufficient, but to benef...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/02/17 6:53 p.m.3 views

Server-side Request Forgery (SSRF)

Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in isprivateurl in util/network.py. A user can access internal network resources or sensitive endpoints by supplying...

6.9CVSS5.5AI score0.00189EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 6:53 p.m.4 views

GHSA-F47C-3C5W-V7P4 Indico has Server-Side Request Forgery (SSRF) in multiple places

Impact Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or cloud metadata endpoints. Patches You should to update to Indic...

6.9CVSS5.8AI score0.00189EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/17 6:53 p.m.7 views

Indico has Server-Side Request Forgery (SSRF) in multiple places

Impact Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or cloud metadata endpoints. Patches You should to update to Indic...

6.9CVSS5.7AI score0.00189EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-20327

Name of the Vulnerable Software and Affected Versions Indico versions prior to 3.3.10 Description Indico, an event management system, is susceptible to server-side request forgery SSRF. The system makes outgoing requests to URLs provided by users. While this functionality is intentional, it could...

6.9CVSS5.5AI score0.00189EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.11 views

PT-2026-20328

Name of the Vulnerable Software and Affected Versions Indico versions prior to 3.3.10 Description Indico, an event management system, is susceptible to a cross-site scripting issue when specific file types are uploaded as materials. The issue exists due to a flaw in the handling of file uploads...

5.4CVSS5AI score0.00161EPSS
Exploits0References10
Veracode
Veracode
added 2025/10/17 11:9 a.m.7 views

Broken Access Control

Indico is vulnerable to Broken Access Control. the vulnerability is due to improper authorization logic that fails to verify the caller's privileges, allowing attackers to invoke the API and obtain profile details of other users without admin permissions...

4.3CVSS6.6AI score0.00235EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0101

Malware in sbrugna...

7.5CVSS7.4AI score0.01047EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0078

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00361EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-0088

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00603EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-0098

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00433EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27577

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00189EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2025-27579

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00235EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/12 4:32 p.m.9 views

CVE-2025-59034

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...

4.3CVSS7AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/12 4:32 p.m.9 views

CVE-2025-59035

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as...

5.4CVSS7.2AI score0.00189EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/10 8:28 p.m.6 views

Indico vulnerable to Cross-Site Scripting via LaTeX math code

Impact There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds Only let trustworthy users create content on...

5.4CVSS7.1AI score0.00189EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder