CVE-2025-59035
MEDIUM4.6EPSS 0.04%Indico vulnerable to Cross-Site Scripting via LaTeX math code
描述
### Impact There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. ### Patches You should to update to [Indico 3.3.8](https://github.com/indico/indico/releases/tag/v3.3.8) as soon as possible. See [the docs](https://docs.getindico.io/en/stable/installation/upgrade/) for instructions on how to update. ### Workarounds Only let trustworthy users create content on Indico. Note that a conference doing a Call for Abstracts actively invites external speakers (who the organizers may not know and thus cannot fully trust) to submit content, hence the need to update to a a fixed version ASAP in particular when using such workflows. ### For more information If you have any questions or comments about this advisory: - Open a thread in [our forum](https://talk.getindico.io/) - Email us privately at [[email protected]](mailto:[email protected])
受影響套件(1)
- PyPI/indicofrom 0, < 3.3.8
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |