Lucene search
K

4 matches found

EUVD
EUVD
added 2026/02/16 12:30 p.m.10 views

EUVD-2026-6096

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

9CVSS5.6AI score0.00501EPSS
Exploits2References8
Github Security Blog
Github Security Blog
added 2026/02/16 12:30 p.m.5 views

pretix unsafely evaluates variables in emails

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate informati...

9CVSS5.5AI score0.00243EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/16 10:16 a.m.4 views

CVE-2026-2451

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

9CVSS5.6AI score0.00258EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/27 12:30 p.m.8 views

pretix has Email Content Injection Through Maliciously Formatted Names

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS5.4AI score0.00155EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder