CNNVD-202509-1506 Information

CNNVD ID

CNNVD-202509-1506

Related CVE

CVE-2025-59035

• CNNVD Published: 2025-09-10

Description (Chinese)

Indico是Indico开源的一个功能丰富的事件管理系统。 Indico 3.3.8之前版本存在跨站脚本漏洞，该漏洞源于渲染LaTeX数学代码时存在跨站脚本漏洞。

Description (English)

Indico is a functional, open-source event management system for Indico. The pre-Indico 3.3.8 version had a cross-site script loophole, which originated when the LaTeX mathematical code was being rendered.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

工业光魔

Published

2025-09-10

Last Modified

2026-02-24

References

https://github.com/indico/indico/releases/tag/v3.3.8 https://github.com/indico/indico/security/advisories/GHSA-7cf7-9wrr-vrf4

Patch

https://github.com/indico/indico/releases