CVE-2026-13225

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

CVE-2026-13225 Stored XSS in ticket confirmation page

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

CVE-2026-13225

The provided connected documents confirm CVE-2026-13225 as a Stored XSS in pretix. Malicious HTML content could be injected into the email address field of an order; pretix displays this on the confirmation page for individual tickets without sanitization. Affects pretix’s order confirmation page...

EUVD-2026-39418

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

Threat Outbreak Alert: Fake Product Order Email Messages on December 25, 2013

Severity Alert ID: 32286 First Published: 2014 January 2 14:21 GMT Version: 1 Threat Outbreak Threat Outbreak Summary Cisco Security has detected significant activity on December 25, 2013. Revision History Initial ReleaseShow Less Legal Disclaimer THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND...