Latest version: v3.3.6
CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
---|---|---|---|---|---|
PVE-2021-37567 | 37567 | Indico 2.2.3 and 2.1.10 fix LaTeX sanitization to prevent malicious… | | HIDDEN | X.Y |
PVE-2021-37570 | 37570 | Indico 2.1.11 and 2.2.4 fix more places where LaTeX input was not cor… | | HIDDEN | X.Y |
CVE-2025-27516 | 76109 | Indico updates the `Jinja2` library due to a sandbox escape vulnerabil… | | - | - |
CVE-2024-45399 | 76110 | Indico fixes an open redirect during account creation. Exploitation r… | | MEDIUM | 6.1 |
CVE-2024-50633 | 76358 | A Broken Object Level Authorization (BOLA) vulnerability in Indico v3… | | - | - |
CVE-2023-46136 | 64474 | Indico 3.2.9 updates its Werkzeug dependency, upgrading from version … | | HIGH | 7.5 |
CVE-2023-4863 | 61766 | Indico 3.2.8 updates its dependency 'pillow' to include a fix for a h… | | HIGH | 8.8 |
CVE-2023-37901 | 59751 | Indico 3.2.6 includes a fix for an XSS vulnerability. Exploitation re… | | MEDIUM | 5.4 |
PVE-2023-59202 | 59202 | Indico 3.2.5 includes a fix for an XSS vulnerability. https://github.… | | - | - |
CVE-2023-0286 | 53450 | Indico 3.2.3 updates its dependency 'cryptography' to include a secu… | | HIGH | 7.4 |
PVE-2023-53437 | 53437 | Indico 3.2.3 sanitizes HTML in global announcement messages to avoid … | | - | - |
CVE-2023-25577 | 53451 | Indico 3.2.3 updates its dependency 'werkzeug' to include a security … | | HIGH | 7.5 |
PVE-2021-40856 | 40856 | Indico 3.0rc1 re-implements the 'OAuth' provider module based on a mo… | | - | - |
PVE-2022-48310 | 48310 | Indico 3.0.3 protects authentication endpoints against CSRF login att… | | - | - |
PVE-2021-40429 | 40429 | Indico 3.0 improves security for the 'OAuth' provider module. | | - | - |
PVE-2021-40430 | 40430 | Indico 2.3.5 fixes XSS vulnerabilities in the category picker (via ca… | | HIDDEN | X.Y |
CVE-2021-30185 | 40431 | Indico 2.3.4 includes a fix for CVE-2021-30185: CERN Indico before 2.… | | HIGH | 7.5 |
PVE-2022-48311 | 48311 | Indico 2.3.1 fixes a potential data leakage between OAuth-authenticat… | | - | - |
CVE-2020-5312 | 43463 | Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include sec… | | CRITICAL | 9.8 |
CVE-2020-5310 | 38163 | Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include sec… | | HIGH | 8.8 |
CVE-2020-6817 | 43466 | Indico 2.2.8 updates its dependency 'bleach' to v3.1.4 to include sec… | | HIGH | 7.5 |
CVE-2019-19911 | 43465 | Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include sec… | | HIGH | 7.5 |
CVE-2020-5311 | 43462 | Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include sec… | | CRITICAL | 9.8 |
CVE-2020-6816 | 43467 | Indico 2.2.8 updates its dependency 'bleach' to v3.1.4 to include sec… | | MEDIUM | 6.1 |
CVE-2020-5313 | 43464 | Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include sec… | | HIGH | 7.1 |
PVE-2022-45398 | 45398 | Indico 2.1.3 prevents session managers/coordinators from modifying ce… | | HIDDEN | X.Y |
PVE-1970-34153 | 34153 | Indico 2.1.3 returns only timetable entries for the current session w… | | HIDDEN | X.Y |
PVE-2021-35802 | 35802 | Indico before 2.0.2 uses an insecure transitive dependency (bleach). | | - | - |
PVE-2021-37568 | 37568 | Indico 2.0.3 no longer shows contribution information (metadata inclu… | | - | - |