PT-2025-37075 · Cern+1 · Indico+1
Thiefmaster · Published 2025-09-10 · Updated 2025-09-10 · CVE-2025-59035
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Indico versions prior to 3.3.8
Description:
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. A cross-site scripting (XSS) issue exists when rendering LaTeX math code in contribution or abstract descriptions.
Recommendations:
Update to Indico version 3.3.8.
As a workaround, restrict content creation to trusted users.
Affected Products:
Flask-Multipass
Indico