Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/11/28 8:8 p.m.11 views

CVE-2025-13742

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS6AI score0.00155EPSS
Exploits0References1
OSV
OSV
added 2025/11/27 12:30 p.m.6 views

GHSA-2MM6-624X-FQRR pretix has Email Content Injection Through Maliciously Formatted Names

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS5.4AI score0.00155EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/11/27 12:30 p.m.10 views

pretix has Email Content Injection Through Maliciously Formatted Names

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS5.4AI score0.00155EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/11/27 11:15 a.m.7 views

PYSEC-2025-154

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/27 11:4 a.m.9 views

CVE-2025-13742 Limited HTML injection in emails

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS0.00155EPSS
Exploits0References1
OSV
OSV
added 2025/08/19 4:41 p.m.6 views

CVE-2025-54411 Discourse welcome banner user name XSS

Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...

2.4CVSS6AI score0.00187EPSS
Exploits0References4
Rows per page
Query Builder