139 matches found
Indico 代码问题漏洞
Indico is an open-source event management system with rich functionality. Versions of Indico prior to 3.3.10 had code-related vulnerabilities. These vulnerabilities stemmed from improper handling of URLs provided by users, which could lead to server-side request forgery attacks...
Indico 跨站脚本漏洞
Indico is an open-source event management system with rich functionality. Versions of Indico prior to 3.3.10 had a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of certain file types during upload, which could lead to cross-site scripting attacks...
Cross-site Scripting (XSS)
Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Cross-site Scripting XSS when uploading unspecified files as materials. Details Cross-site scripting or XSS is a code vulnerability that occurs when an...
GHSA-JXC4-54G3-J7VP Indico Affected by Cross-Site-Scripting via material uploads
Impact There is a Cross-Site-Scripting vulnerability when uploading certain file types as materials. Patches You should to update to Indico 3.3.10 as soon as possible. See the docs for instructions on how to update. Please be aware that to apply the fix itself updating is sufficient, but to benef...
Indico Affected by Cross-Site-Scripting via material uploads
Impact There is a Cross-Site-Scripting vulnerability when uploading certain file types as materials. Patches You should to update to Indico 3.3.10 as soon as possible. See the docs for instructions on how to update. Please be aware that to apply the fix itself updating is sufficient, but to benef...
Server-side Request Forgery (SSRF)
Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in isprivateurl in util/network.py. A user can access internal network resources or sensitive endpoints by supplying...
GHSA-F47C-3C5W-V7P4 Indico has Server-Side Request Forgery (SSRF) in multiple places
Impact Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or cloud metadata endpoints. Patches You should to update to Indic...
Indico has Server-Side Request Forgery (SSRF) in multiple places
Impact Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or cloud metadata endpoints. Patches You should to update to Indic...
PT-2026-20327
Name of the Vulnerable Software and Affected Versions Indico versions prior to 3.3.10 Description Indico, an event management system, is susceptible to server-side request forgery SSRF. The system makes outgoing requests to URLs provided by users. While this functionality is intentional, it could...
PT-2026-20328
Name of the Vulnerable Software and Affected Versions Indico versions prior to 3.3.10 Description Indico, an event management system, is susceptible to a cross-site scripting issue when specific file types are uploaded as materials. The issue exists due to a flaw in the handling of file uploads...
Broken Access Control
Indico is vulnerable to Broken Access Control. the vulnerability is due to improper authorization logic that fails to verify the caller's privileges, allowing attackers to invoke the API and obtain profile details of other users without admin permissions...
EUVD-2021-0101
Malware in sbrugna...
EUVD-2024-0078
Malicious code in bioql PyPI...
EUVD-2025-0088
Malicious code in bioql PyPI...
EUVD-2023-0098
Malicious code in bioql PyPI...
EUVD-2025-27577
Malicious code in bioql PyPI...
EUVD-2025-27579
Malicious code in bioql PyPI...
CVE-2025-59034
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...
CVE-2025-59035
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as...
Indico vulnerable to Cross-Site Scripting via LaTeX math code
Impact There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds Only let trustworthy users create content on...