PT-2025-37075 · Cern+1 · Indico+1

Thiefmaster

·

Publicado

2025-09-10

·

Atualizado

2025-09-10

·

CVE-2025-59035

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.8
Description: Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. A Cross-Site-Scripting issue exists when rendering LaTeX math code in contribution or abstract descriptions.
Recommendations: Update to Indico version 3.3.8. As a workaround, restrict content creation to trusted users.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2025-59035
GHSA-7CF7-9WRR-VRF4

Produtos afetados

Flask-Multipass
Indico