CVE-2026-12863 PUBLISHED

Open redirect

Assigner: rami.io
Reserved: 22.06.2026 Published: 22.06.2026 Updated: 22.06.2026

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
CVSS Score: 5.1

Product Status

Vendor pretix
Product Venueless
Versions Default: unaffected
  • affected from 0.0.0 to d27864a7 (excl.)

Credits

  • Raju finder

References

Problem Types

  • CWE-601 URL redirection to untrusted site ('open redirect') CWE