pkg:PyPI/indico

All known vulnerabilities

• HIGH7.5CVE-2021-30185Indico Tampering with links (e.g. password reset) in sent emails
  from 0, < 2.3.4
• HIGH7.5CVE-2021-30185Indico Tampering with links (e.g. password reset) in sent emails
  from 0, < 2.3.4
• MEDIUM6.5CVE-2026-28352Indico has a missing access check in the event series management API
  from 0, < 3.3.11
• MEDIUM6.1Indico has a Cross-Site-Scripting during account creation
  from 0, < 0bdcf656d469e5f675cb56fd644d82fea3a97c2a | from 0, < 7dcb573837b9fd09d95f74d1baeae225b164cc8f | from 0, < 3.3.4
• MEDIUM6.1Indico has a Cross-Site-Scripting during account creation
  from 0, < 3.3.4
• MEDIUM5.4Indico Affected by Cross-Site-Scripting via material uploads
  from 0, < 3.3.10
• MEDIUM5.4Indico vulnerable to Cross-Site-Scripting via confirmation prompts
  from 0, < 3.2.6
• MEDIUM5.4Indico vulnerable to Cross-Site-Scripting via confirmation prompts
  from 0, < 2ee636d318653fb1ab193803dafbfe3e371d4130 | from 0, < 3.2.6
• MEDIUM4.6Indico vulnerable to Cross-Site Scripting via LaTeX math code
  from 0, < 3.3.8
• MEDIUM4.3Indico may disclose unauthorized user details access via legacy API
  from 0, < 3.3.8
• NONE0.0Indico Insecure Access
  >= 3.2.9, < 3.3.3
• —Indico discloses local files resulting in Remote Code Execution through LaTeX injection
  from 0, < 3.3.12
• —Indico has Server-Side Request Forgery (SSRF) in multiple places
  from 0, < 3.3.10
• —Indico vulnerability allows attackers to bulk dump user details
  >= 2.2, < 3.3.7