7 matches found
Command Injection
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Command Injection via the runMac and runLinux functions. An attacker can execute arbitrary system commands and compromise the system by supplying malicious remote...
PT-2026-2115
Name of the Vulnerable Software and Affected Versions OWASP Core Rule Set versions prior to 4.22.0 OWASP Core Rule Set versions prior to 3.3.8 Description A bug in rule 922110 affects the processing of multipart requests with multiple parts. When the first rule in a chain iterates over a collecti...
Indico vulnerable to Cross-Site Scripting via LaTeX math code
Impact There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds Only let trustworthy users create content on...
Authorization Bypass Through User-Controlled Key
Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the legacy API for retrieving user details. An attacker can access profile information of other users...
CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as...
CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as...
CVE-2025-59034 Indico may disclose unauthorized user details access via legacy API
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...