CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
Indico is an open-source, general-purpose, web-based event management tool. There is a Cross-Site Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone ...
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site Scripting vulnerability during account creation when redirecting to the n...
CVSS: 6.1 | AI Score: 7.1 | EPSS: 0.0004