CVE Catalog
CVE-2026-13314
LowCVSS 2.0Summary
The pretix-digital plugin is vulnerable to malicious HTML content injection into rendered content. An attacker can exploit this flaw to embed arbitrary HTML code, potentially leading to cross-site scripting (XSS) attacks.
Risk Assessment
The risk involves the possibility of executing scripts in users' browsers, which could result in session theft, redirection to malicious sites, or theft of sensitive data.
Recommendation
Immediately update the pretix-digital plugin to the latest version that includes a fix for the HTML injection vulnerability.
Original NVD description (English source)
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.

