Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

indico — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting indico. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Indico is an event management platform used for organizing conferences, workshops, and academic gatherings. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. Notable security characteristics include its open-source nature and integration with various authentication systems. While no major public incidents have been widely reported, the 9 CVEs on record highlight recurring issues in areas like file upload functionality and session management. Organizations using the platform should prioritize timely patching and harden configurations against common web application threats.

Top products by indico: indico
CVE IDTitleCVSSSeverityPublished
CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection — indicoCWE-78 9.8 -2026-03-23
CVE-2026-28352 Indico missing access check in event series management API — indicoCWE-306 6.5 Medium2026-02-27
CVE-2026-25739 Indico affected by Cross-Site-Scripting via material uploads — indicoCWE-79 5.4 Medium2026-02-19
CVE-2026-25738 Indico has Server-Side Request Forgery (SSRF) in multiple places — indicoCWE-367 7.5AIHighAI2026-02-19
CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code — indicoCWE-79 4.6 Medium2025-09-10
CVE-2025-59034 Indico may disclose unauthorized user details access via legacy API — indicoCWE-639 4.3 Medium2025-09-10
CVE-2025-53640 Indico vulnerable to user enumeration via API endpoint — indicoCWE-200 5.3AIMediumAI2025-07-14
CVE-2024-45399 Indico has a Cross-Site-Scripting during account creation — indicoCWE-79 4.3 Medium2024-09-04
CVE-2023-37901 Cross-Site-Scripting via confirmation prompts — indicoCWE-79 5.4 Medium2023-07-21

This page lists every published CVE security advisory associated with indico. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.