1404 matches found

OSV
added 2025/09/10 8:28 p.m., 5 views

GHSA-7CF7-9WRR-VRF4 Indico vulnerable to Cross-Site Scripting via LaTeX math code

Impact: There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches: You should update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds: Only let trustworthy users create content on...

CVSS 4.6, AI score 7.2, EPSS 0.00189
Exploits: 0, References: 4

Github Security Blog
added 2025/09/10 8:28 p.m., 5 views

Indico vulnerable to Cross-Site Scripting via LaTeX math code

Impact: There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches: You should update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds: Only let trustworthy users create content on...

CVSS 5.4, AI score 7.1, EPSS 0.00189
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2025/09/10 4:3 p.m., 6 views

CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should update to Indico 3.3.8 as...

CVSS 4.6, EPSS 0.00189
Exploits: 0, References: 2

Vulnrichment
added 2025/09/10 4:3 p.m., 2 views

CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should update to Indico 3.3.8 as...

CVSS 4.6, AI score 6.9, EPSS 0.00189
Exploits: 0, References: 2

CVE
added 2025/09/10 4:3 p.m., 21 views

CVE-2025-59035

CVE-2025-59035 — Indico XSS via LaTeX math rendering: Multiple sources (NVD, Red Hat, OSV, GHSA advisories, Snyk) confirm a Cross-Site Scripting vulnerability in Indico prior to version 3.3.8, triggered when rendering LaTeX math code in contribution or abstract descriptions. A fixed release is I...

CVSS 5.4, AI score 6.6, EPSS 0.00189
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2025/09/10 12:0 a.m., 3 views

Indico Cross-Site Scripting Vulnerability

Indico is a feature-rich event management system from Indico Open Source. A cross-site scripting vulnerability exists in Indico versions prior to 3.3.8 that stems from a cross-site scripting vulnerability when rendering LaTeX math code...

CVSS 5.4, AI score 5.8, EPSS 0.00189
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-16728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...

CVSS 6.1, AI score 6, EPSS 0.0167
Exploits: 2, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-0489

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a...

CVSS 5.7, AI score 5.7, EPSS 0.01464
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-19010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eval injection in the Math plugin of Limnoria before 2019.11.09 and Supybot through 2018-05-09 allows remote unprivileged attackers to disclose information or...

CVSS 9.8, AI score 8.5, EPSS 0.0171
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-29465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of ...

CVSS 5.5, AI score 6.1, EPSS 0.00245
Exploits: 1, References: 3

Tenable Nessus
added 2025/08/27 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-4054

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using...

CVSS 7.3, AI score 7, EPSS 0.01853
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/26 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-2132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...

CVSS 7.5, AI score 7.1, EPSS 0.01325
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-1927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random...

CVSS 7.5, AI score 7.4, EPSS 0.02688
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/21 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-53986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of...

CVSS 6.1, AI score 5.8, EPSS 0.00453
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-23519

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain...

CVSS 7.2, AI score 6.6, EPSS 0.00988
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-22817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could al...

CVSS 9.8, AI score 6.8, EPSS 0.03399
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-23772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE-2022-23772 Note th...

CVSS 7.8, AI score 7.9, EPSS 0.0283
Exploits: 0, References: 2

Fedora
added 2025/08/15 1:4 a.m., 6 views

[SECURITY] Fedora 42 Update: pandoc-3.1.11.1-33.fc42

Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and 5) - Ebook formats (EPUB v2 and v3, FB2) -...

CVSS 3.7, AI score 7.1, EPSS 0.00632
Exploits: 1

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-34184 Malicious code in sunruse-math-aabb (npm)

The package sunruse-math-aabb was found to contain malicious code...

AI score 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in d3-brave-math (npm)

The package d3-brave-math was found to contain malicious code...

AI score 7
Exploits: 0