Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
PR:H reflects high-privilege operator requirement; AC:H maps the AT:P preconditions; S:C captures cross-browser XSS scope change; no availability impact applies to HTML injection.
Primary rating from Vendor (rami.io).
CVSS VectorVendor: rami.io
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
AnalysisAI
HTML injection in the pretix-digital Pretix ticketing plugin (CWE-80) allows high-privileged operators to embed malicious script-bearing HTML into event content that subsequently executes in the browsers of end users viewing rendered ticket or event pages. All versions of the plugin are indicated as affected per the CPE wildcard, with a vendor fix shipped in the 2026.5.2 release. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already hold high-privilege (PR:H) Pretix operator access with the ability to edit content rendered by the pretix-digital plugin - this categorically excludes unauthenticated or low-privileged external attackers. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A Pretix operator with plugin configuration access embeds a malicious HTML payload - such as an inline event handler or a script tag - into a digital ticket or event description field managed by the pretix-digital plugin. When a ticket purchaser or site visitor passively loads the affected event page, their browser interprets and executes the injected content, potentially exposing session tokens or allowing unauthorized in-browser actions on the victim's behalf. … |
| Remediation | Upgrade the pretix-digital plugin to version 2026.5.2 or later as documented in the vendor release blog at https://pretix.eu/about/en/blog/20260625-release-2026-5-2/. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-80 – Basic XSS
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39412
GHSA-4p6m-xxpw-9r8j