CVE-2026-13225

medium

Description

Malicious HTML content could be injected into the email address of an order, which pretix rendered without sanitization on the confirmation page for individual tickets in that order.

References

https://pretix.eu/about/en/blog/20260625-release-2026-5-2/

Details

Source: Mitre, NVD

Published: 2026-06-25

Updated: 2026-06-25

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Severity: Medium