Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.8 views

CVE-2026-41241

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.6AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2026/04/23 7:17 p.m.5 views

CVE-2026-41241

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS0.00166EPSS
Exploits0References1
PyPA
PyPA
added 2026/04/23 7:17 p.m.19 views

PYSEC-2026-108

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.9AI score0.00166EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:30 p.m.6 views

CVE-2026-41241

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.8AI score0.00166EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/23 6:30 p.m.3 views

CVE-2026-41241 pretalx: Stored cross-site scripting in organiser search typeahead

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.8AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 6:30 p.m.34 views

CVE-2026-41241 pretalx: Stored cross-site scripting in organiser search typeahead

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS0.00166EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 6:30 p.m.10 views

CVE-2026-41241

CVE-2026-41241 affects pretalx prior to 2026.1.0. The organiser search typeahead stored results render titles, speaker display names, and user names/emails via innerHTML string interpolation, enabling stored cross-site scripting if a user controls one of those fields. This could allow HTML/JavaSc...

8.7CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/18 1:11 a.m.11 views

pretalx vulnerable to stored cross-site scripting in organizer search typeahead

The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes any registered user whose display name is looked up by an...

8.7CVSS5.8AI score0.00166EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/18 1:11 a.m.7 views

GHSA-CJCX-JFP2-F7M2 pretalx vulnerable to stored cross-site scripting in organizer search typeahead

The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes any registered user whose display name is looked up by an...

8.7CVSS5.8AI score0.00166EPSS
Exploits0References4
Rows per page
Query Builder