HTML Injection Vulnerability in Pretix-Digital Plugin by Pretix
CVE-2026-13314

2LOW

Key Information:

Vendor: Pretix
Status: Pretix-digital
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-13314?

The Pretix-Digital plugin is susceptible to HTML injection, allowing attackers to insert malicious HTML content into user-rendered areas. This vulnerability can lead to various security issues, including phishing attacks and data manipulation, compromising the integrity of the affected systems. It is essential for users to update their plugins to the latest version to mitigate these risks effectively.

Affected Version(s)

pretix-digital 0 < 1.6.5

References

https://pretix.eu/about/en/blog/20260625-release-2026-5-2/

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 25, 2026

CVE-2026-13314 Data

JSON