CVE-2026-57534 | Malicious HTML content could be injected into the content of… | CVSS 2.1 LOW

Description

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.

CVE ID: CVE-2026-57534
State: PUBLISHED
Assigner: rami.io
Reserved: 2026-06-24 15:59 UTC
Published: 2026-06-25 14:11 UTC
Last updated: 2026-06-25 15:12 UTC
Primary CWE: CWE-80
CWE-80 Improper neutralization of Script-Related HTML tags i…
Vendor / Product: pretix / pretix-pages
Sources: cve.org · NVD

2.1 LOW CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

SSVC — CISA Coordinator

Affected products (1)

Vendor	Product	Platform	Versions
pretix	pretix-pages	—	0 < 1.6.4

Weakness (CWE)

CWE	Source	Description
CWE-80	cna	CWE-80 Improper neutralization of Script-Related HTML tags in a web page (basic XSS)

CVSS scores (1)

Score	Severity	Version	Source	Vector
2.1	LOW	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

References (1)