ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon, resulting in remote code execution.
CVSS: 8.8
AI Score: 9
EPSS: 0.002
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.
CVSS: 7.5
AI Score: 7.5
EPSS: 0.001
Indico is an open source, general-purpose, web-based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone ...
CVSS: 5.4
AI Score: 5.3
EPSS: 0.001
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the n...
CVSS: 6.1
AI Score: 7.1
EPSS: 0.001