7 matches found
CVE-2026-41426
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...
Zero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts
pretalx XSS flaw lets attackers hijack conference organizer accounts, steal sessions, auto-accept talks, and demote admins. Patched in v2026.1.0...
EUVD-2026-25273
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...
EUVD-2023-0206
Malicious code in bioql PyPI...
CVE-2023-28459
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...
CVE-2023-28458
creationtimestamp| type| source ---|---|--- 2023-04-21 00:31:05+00:00| seen| https://t.me/cibsecurity/62560 2025-08-27 20:55:20+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pretalxrcecve202328458.rb 2025-10-23 21:13:01+00:00| seen|...
PT-2023-21731 · Pretalx · Pretalx
Name of the Vulnerable Software and Affected Versions: pretalx versions 2.3.1 through 2.3.1 Description: The issue allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting of an arbitrary file with the standard pretalx 404 page content. Recommendations:...