CVE Catalog

CVE-2026-13314

LowCVSS 2.0
Published: Updated: Translated: NVD NIST

Summary

The pretix-digital plugin is vulnerable to malicious HTML content injection into rendered content. An attacker can exploit this flaw to embed arbitrary HTML code, potentially leading to cross-site scripting (XSS) attacks.

Risk Assessment

The risk involves the possibility of executing scripts in users' browsers, which could result in session theft, redirection to malicious sites, or theft of sensitive data.

Recommendation

Immediately update the pretix-digital plugin to the latest version that includes a fix for the HTML injection vulnerability.

Original NVD description (English source)

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS