Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/42578?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/42578?format=api", "purl": "pkg:pypi/indico@3.3.2", "type": "pypi", "namespace": "", "name": "indico", "version": "3.3.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.3.8", "latest_non_vulnerable_version": "3.3.12", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36859?format=api", "vulnerability_id": "VCID-3ev2-cjep-w3fd", "summary": "Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the `next` URL. Exploitation requires initiating the account creation process with a maliciously crafted link, and then finalizing the signup process. Because of this, it can only target newly created (and thus unprivileged) Indico users. Indico 3.3.4 upgrades the dependency on Flask-Multipass to version 0.5.5, which fixes the issue. Those who build the Indico package themselves and cannot upgrade can update the `flask-multipass` dependency to `>=0.5.5` which fixes the vulnerability. Otherwise one could configure one's web server to disallow requests containing a query string with a `next` parameter that starts with `javascript:`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00809", "scoring_system": "epss", "scoring_elements": "0.74594", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45399" }, { "reference_url": "https://github.com/indico/flask-multipass/commit/0bdcf656d469e5f675cb56fd644d82fea3a97c2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T20:17:25Z/" } ], "url": "https://github.com/indico/flask-multipass/commit/0bdcf656d469e5f675cb56fd644d82fea3a97c2a" }, { "reference_url": "https://github.com/indico/indico", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indico/indico" }, { "reference_url": "https://github.com/indico/indico/commit/7dcb573837b9fd09d95f74d1baeae225b164cc8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T20:17:25Z/" } ], "url": "https://github.com/indico/indico/commit/7dcb573837b9fd09d95f74d1baeae225b164cc8f" }, { "reference_url": "https://github.com/indico/indico/releases/tag/v3.3.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T20:17:25Z/" } ], "url": "https://github.com/indico/indico/releases/tag/v3.3.4" }, { "reference_url": "https://github.com/indico/indico/security/advisories/GHSA-rrqf-w74j-24ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T20:17:25Z/" } ], "url": "https://github.com/indico/indico/security/advisories/GHSA-rrqf-w74j-24ff" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/indico/PYSEC-2024-90.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/indico/PYSEC-2024-90.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45399", "reference_id": "CVE-2024-45399", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45399" }, { "reference_url": "https://github.com/advisories/GHSA-rrqf-w74j-24ff", "reference_id": "GHSA-rrqf-w74j-24ff", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrqf-w74j-24ff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42580?format=api", "purl": "pkg:pypi/indico@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c98b-cth4-1yf3" }, { "vulnerability": "VCID-m3r7-uja3-ybge" }, { "vulnerability": "VCID-yduc-fh4z-3ueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/indico@3.3.4" } ], "aliases": [ "CVE-2024-45399", "GHSA-rrqf-w74j-24ff", "PYSEC-2024-90" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ev2-cjep-w3fd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57649?format=api", "vulnerability_id": "VCID-c98b-cth4-1yf3", "summary": "Indico vulnerability allows attackers to bulk dump user details\nAn endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump basic user details (such as name, affiliation and email) in bulk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38626", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53640" }, { "reference_url": "https://docs.getindico.io/en/stable/config/settings/#ALLOW_PUBLIC_USER_SEARCH", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T15:00:08Z/" } ], "url": "https://docs.getindico.io/en/stable/config/settings/#ALLOW_PUBLIC_USER_SEARCH" }, { "reference_url": "https://docs.getindico.io/en/stable/installation/upgrade", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T15:00:08Z/" } ], "url": "https://docs.getindico.io/en/stable/installation/upgrade" }, { "reference_url": "https://github.com/indico/indico", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indico/indico" }, { "reference_url": "https://github.com/indico/indico/pull/6936/commits/f8583557a3da56aeea8857ae69bf17c9066c95c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indico/indico/pull/6936/commits/f8583557a3da56aeea8857ae69bf17c9066c95c1" }, { "reference_url": "https://github.com/indico/indico/releases/tag/v3.3.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T15:00:08Z/" } ], "url": "https://github.com/indico/indico/releases/tag/v3.3.7" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve202553640-detect-indico-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve202553640-detect-indico-vulnerability" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve202553640-mitigate-indico-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve202553640-mitigate-indico-vulnerability" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53640", "reference_id": "CVE-2025-53640", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53640" }, { "reference_url": "https://github.com/advisories/GHSA-q28v-664f-q6wj", "reference_id": "GHSA-q28v-664f-q6wj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q28v-664f-q6wj" }, { "reference_url": "https://github.com/indico/indico/security/advisories/GHSA-q28v-664f-q6wj", "reference_id": "GHSA-q28v-664f-q6wj", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T15:00:08Z/" } ], "url": "https://github.com/indico/indico/security/advisories/GHSA-q28v-664f-q6wj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85740?format=api", "purl": "pkg:pypi/indico@3.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m3r7-uja3-ybge" }, { "vulnerability": "VCID-yduc-fh4z-3ueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/indico@3.3.7" } ], "aliases": [ "CVE-2025-53640", "GHSA-q28v-664f-q6wj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c98b-cth4-1yf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56487?format=api", "vulnerability_id": "VCID-gwzf-9uat-akcr", "summary": "Indico Insecure Access\nA Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09014", "scoring_system": "epss", "scoring_elements": "0.9279", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50633" }, { "reference_url": "https://github.com/cetinpy/CVE-2024-50633/issues/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-17T17:21:51Z/" } ], "url": "https://github.com/cetinpy/CVE-2024-50633/issues/1" }, { "reference_url": "https://github.com/indico/indico", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indico/indico" }, { "reference_url": "https://github.com/cetinpy/CVE-2024-50633", "reference_id": "CVE-2024-50633", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-17T17:21:51Z/" } ], "url": "https://github.com/cetinpy/CVE-2024-50633" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50633", "reference_id": "CVE-2024-50633", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50633" }, { "reference_url": "https://github.com/advisories/GHSA-3wg7-r7q5-r2jf", "reference_id": "GHSA-3wg7-r7q5-r2jf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3wg7-r7q5-r2jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42579?format=api", "purl": "pkg:pypi/indico@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ev2-cjep-w3fd" }, { "vulnerability": "VCID-c98b-cth4-1yf3" }, { "vulnerability": "VCID-m3r7-uja3-ybge" }, { "vulnerability": "VCID-yduc-fh4z-3ueu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/indico@3.3.3" } ], "aliases": [ "CVE-2024-50633", "GHSA-3wg7-r7q5-r2jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwzf-9uat-akcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58149?format=api", "vulnerability_id": "VCID-m3r7-uja3-ybge", "summary": "Indico may disclose unauthorized user details access via legacy API\nA legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16534", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59034" }, { "reference_url": "https://github.com/indico/indico", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indico/indico" }, { "reference_url": "https://github.com/indico/indico/releases/tag/v3.3.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T14:27:11Z/" } ], "url": "https://github.com/indico/indico/releases/tag/v3.3.8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59034", "reference_id": "CVE-2025-59034", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59034" }, { "reference_url": "https://github.com/advisories/GHSA-4269-mcfh-cp7q", "reference_id": "GHSA-4269-mcfh-cp7q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4269-mcfh-cp7q" }, { "reference_url": "https://github.com/indico/indico/security/advisories/GHSA-4269-mcfh-cp7q", "reference_id": "GHSA-4269-mcfh-cp7q", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T14:27:11Z/" } ], "url": "https://github.com/indico/indico/security/advisories/GHSA-4269-mcfh-cp7q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86536?format=api", "purl": "pkg:pypi/indico@3.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/indico@3.3.8" } ], "aliases": [ "CVE-2025-59034", "GHSA-4269-mcfh-cp7q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3r7-uja3-ybge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58151?format=api", "vulnerability_id": "VCID-yduc-fh4z-3ueu", "summary": "Indico vulnerable to Cross-Site Scripting via LaTeX math code\nThere is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12392", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59035" }, { "reference_url": "https://github.com/indico/indico", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indico/indico" }, { "reference_url": "https://github.com/indico/indico/releases/tag/v3.3.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T14:26:59Z/" } ], "url": "https://github.com/indico/indico/releases/tag/v3.3.8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59035", "reference_id": "CVE-2025-59035", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59035" }, { "reference_url": "https://github.com/advisories/GHSA-7cf7-9wrr-vrf4", "reference_id": "GHSA-7cf7-9wrr-vrf4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cf7-9wrr-vrf4" }, { "reference_url": "https://github.com/indico/indico/security/advisories/GHSA-7cf7-9wrr-vrf4", "reference_id": "GHSA-7cf7-9wrr-vrf4", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T14:26:59Z/" } ], "url": "https://github.com/indico/indico/security/advisories/GHSA-7cf7-9wrr-vrf4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86536?format=api", "purl": "pkg:pypi/indico@3.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/indico@3.3.8" } ], "aliases": [ "CVE-2025-59035", "GHSA-7cf7-9wrr-vrf4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yduc-fh4z-3ueu" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/indico@3.3.2" }