2 matches found
CVE-2026-13225 Stored XSS in ticket confirmation page
Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...
CVE-2026-13225
The provided connected documents confirm CVE-2026-13225 as a Stored XSS in pretix. Malicious HTML content could be injected into the email address field of an order; pretix displays this on the confirmation page for individual tickets without sanitization. Affects pretix’s order confirmation page...