CVE-2026-13225

Vulnerability Description

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order.

References

FAQ

What is CVE-2026-13225?

CVE-2026-13225 is a vulnerability in pretix. Malicious HTML content could be injected into the email address of an order, and pretix showed that value without sanitization on the confirmation page for individual tickets in that order.

How severe is CVE-2026-13225?

CVSS scoring is not yet available for CVE-2026-13225. Check NVD for updates.

Is there a patch for CVE-2026-13225?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.