CERN Indico

11 CVEs affecting CERN Indico. Latest disclosed: 2026-03-23. Critical: 0, High: 2.

Top CVEs affecting CERN Indico

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-33046 | High | 8.8 | 2026-03-23 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabil… |
| CVE-2021-30185 | High | 7.5 | 2021-04-07 | CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. |
| CVE-2026-28352 | Medium | 6.5 | 2026-02-27 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint… |
| CVE-2025-53640 | Medium | 6.5 | 2025-07-14 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3… |
| CVE-2026-25739 | Medium | 5.4 | 2026-02-19 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cro… |
| CVE-2023-37901 | Medium | 5.4 | 2023-07-21 | Indico is an open source, general-purpose, web based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly use… |
| CVE-2025-59035 | Medium | 4.6 | 2025-09-10 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-… |
| CVE-2026-25738 | Medium | 4.3 | 2026-02-19 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to ser… |
| CVE-2025-59034 | Medium | 4.3 | 2025-09-10 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrie… |
| CVE-2024-45399 | Medium | 4.3 | 2024-09-04 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, correspondin… |
| CVE-2024-50633 | Unrated | | 2025-01-16 | A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the… |