9 matches found
CVE-2026-41241
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...
CVE-2026-41241
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...
PYSEC-2026-108
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...
CVE-2026-41241
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...
CVE-2026-41241 pretalx: Stored cross-site scripting in organiser search typeahead
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...
CVE-2026-41241 pretalx: Stored cross-site scripting in organiser search typeahead
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...
CVE-2026-41241
CVE-2026-41241 affects pretalx prior to 2026.1.0. The organiser search typeahead stored results render titles, speaker display names, and user names/emails via innerHTML string interpolation, enabling stored cross-site scripting if a user controls one of those fields. This could allow HTML/JavaSc...
pretalx vulnerable to stored cross-site scripting in organizer search typeahead
The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes any registered user whose display name is looked up by an...
GHSA-CJCX-JFP2-F7M2 pretalx vulnerable to stored cross-site scripting in organizer search typeahead
The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes any registered user whose display name is looked up by an...