Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-delivered but requires low-privilege auth and user interaction; CSP prevents script execution, limiting impact to phishing-grade HTML injection with no availability consequence.
Primary rating from Vendor (rami.io).
CVSS VectorVendor: rami.io
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes.
AnalysisAI
HTML injection on the pretix untrusted-redirect warning page enables phishing attacks against end users. Affecting the open-source event ticketing platform (all versions prior to 2026.5.2), authenticated low-privileged users can embed malicious HTML content into the redirect interstitial page that pretix displays before forwarding visitors to external URLs. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold a low-privileged authenticated account within the pretix instance (PR:L in CVSS vector) sufficient to create or modify redirect-capable content. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The official CVSS 4.0 score of 2.1 accurately reflects the constrained real-world impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated pretix user with organizer-level or equivalent low-privilege access crafts an event or redirect URL containing malicious HTML payloads targeting the untrusted-redirect warning page. A victim attendee following a legitimate-looking pretix link is shown the injected warning page, which now displays a convincing fake login prompt or spoofed content designed to harvest credentials. … |
| Remediation | Upgrade pretix to version 2026.5.2 or later, as documented in the vendor release blog at https://pretix.eu/about/en/blog/20260625-release-2026-5-2/. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
pretix before 2024.1.1 mishandles file validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex
Stored cross-site scripting in Pretix's PDF ticket and badge layout editor allows one backend user to inject JavaScript
pretix before 2023.7.2 allows Pillow to parse EPS files. Rated high severity (CVSS 7.8), this vulnerability is no authen
Privilege escalation to full account takeover in pretix (open-source event ticketing) and its payment integration plugin
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. Rated high severity (CVSS
Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tag
Information disclosure in Pretix email template processing allows authenticated backend users to extract sensitive syste
Information disclosure in Pretix email template processing allows authenticated backend users to extract sensitive syste
Pretix email template placeholder injection enables authenticated backend users to extract sensitive system information
Pretix 2025 and 2026 versions contain an API endpoint authorization bypass that returns all check-in events for an organ
HTML injection on pretix's individual ticket confirmation page allows unsanitized email address content to execute arbit
An issue was discovered in pretix before 2023.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely expl
Same weakness CWE-80 – Basic XSS
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39423
GHSA-f658-prxw-vx8p