CVE Field Guide
About Us
CVE-2026-13314
PUBLISHED
Stored XSS in pretix-digital
Assigner:
rami.io
Reserved:
25.06.2026
Published:
25.06.2026
Updated:
25.06.2026
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
Metrics
CVSS 4.0
CVSS Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS Score:
2
CVSS score
2
Exploitability Metrics
Vulnerable System Impact Metrics
Subsequent System Impact Metrics
Attack Vector
Network
Confidentiality
Low
Confidentiality
Low
Attack Complexity
Low
Integrity
Low
Integrity
Low
Attack Requirements
Present
Availability
Low
Availability
Low
Privileges Required
High
User Interaction
Passive
CVSS 4.0
Product Status
Vendor
pretix
Product
pretix-digital
Versions
Default:
unaffected
affected from 0 to 1.6.5 (excl.)
References
https://pretix.eu/about/en/blog/20260625-release-2026-5-2/
Problem Types
CWE-80 Improper neutralization of Script-Related HTML tags in a web page (basic XSS)
CWE
Impacts
CAPEC-592 Stored XSS