Indico Security Vulnerabilities and Issues — Indico CVE List

Lucene search

CernIndico

2 matches found

CVE•added 2025/09/10 4:15 p.m.•5 views

CVE-2025-59034

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. U...

4.3CVSS6.3AI score0.00032EPSS

CVE•added 2025/09/10 4:15 p.m.•4 views

CVE-2025-59035

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as s...

5.4CVSS6.6AI score0.00048EPSS