CVE-2026-13314 | Malicious HTML content could be injected into the content re… | CVSS 2.0 LOW

Description

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.

CVE ID: CVE-2026-13314
State: PUBLISHED
Assigner: rami.io
Reserved: 2026-06-25 06:59 UTC
Published: 2026-06-25 13:53 UTC
Last updated: 2026-06-25 15:14 UTC
Primary CWE: CWE-80
CWE-80 Improper neutralization of Script-Related HTML tags i…
Vendor / Product: pretix / pretix-digital
Sources: cve.org · NVD

2.0 LOW CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

SSVC — CISA Coordinator

Affected products (1)

Vendor	Product	Platform	Versions
pretix	pretix-digital	—	0 < 1.6.5

Weakness (CWE)

CWE	Source	Description
CWE-80	cna	CWE-80 Improper neutralization of Script-Related HTML tags in a web page (basic XSS)

CVSS scores (1)

Score	Severity	Version	Source	Vector
2.0	LOW	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

References (1)