CVE-2025-13742 Limited HTML injection in emails

🗓️ 27 Nov 2025 11:04:36Reported by rami.ioType

CVE-2025-13742: HTML in user data can be injected in emails via name placeholders, enabling phishing.

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2025-13742	27 Nov 202512:51	–	circl
CNNVD	pretix 安全漏洞	27 Nov 202500:00	–	cnnvd
CVE	CVE-2025-13742	27 Nov 202511:04	–	cve
EUVD	EUVD-2025-199816	27 Nov 202512:30	–	euvd
Github Security Blog	pretix has Email Content Injection Through Maliciously Formatted Names	27 Nov 202512:30	–	github
NVD	CVE-2025-13742	27 Nov 202511:15	–	nvd
OSV	GHSA-2MM6-624X-FQRR pretix has Email Content Injection Through Maliciously Formatted Names	27 Nov 202512:30	–	osv
OSV	PYSEC-2025-154	27 Nov 202511:15	–	osv
Positive Technologies	PT-2025-48262	27 Nov 202500:00	–	ptsecurity
PyPA	PYSEC-2025-154	27 Nov 202511:15	–	pypa

[
  {
    "collectionURL": "https://pypi.org/",
    "defaultStatus": "unaffected",
    "packageName": "pretix",
    "product": "pretix",
    "repo": "https://github.com/pretix/pretix",
    "vendor": "pretix",
    "versions": [
      {
        "lessThan": "2025.7.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "python"
      },
      {
        "changes": [
          {
            "at": "2025.7.2",
            "status": "unaffected"
          }
        ],
        "lessThan": "2025.8.0",
        "status": "affected",
        "version": "2025.7.0",
        "versionType": "python"
      },
      {
        "changes": [
          {
            "at": "2025.8.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "2025.9.0",
        "status": "affected",
        "version": "2025.8.0",
        "versionType": "python"
      },
      {
        "changes": [
          {
            "at": "2025.9.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "2025.10.0",
        "status": "affected",
        "version": "2025.9.0",
        "versionType": "python"
      }
    ]
  }
]

Source	Link
pretix	www.pretix.eu/about/en/blog/20251126-release-2025-9-1/

27 Nov 2025 11:04Current

CVSS 46.1

EPSS0.00152