CVE Field Guide
About Us
CVE-2026-57534
PUBLISHED
Stored XSS in pretix-pages
Assigner:
rami.io
Reserved:
24.06.2026
Published:
25.06.2026
Updated:
25.06.2026
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
Metrics
CVSS 4.0
CVSS Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS Score:
2.1
CVSS score
2.1
Exploitability Metrics
Vulnerable System Impact Metrics
Subsequent System Impact Metrics
Attack Vector
Network
Confidentiality
Low
Confidentiality
Low
Attack Complexity
Low
Integrity
Low
Integrity
Low
Attack Requirements
Present
Availability
Low
Availability
Low
Privileges Required
High
User Interaction
None
CVSS 4.0
Product Status
Vendor
pretix
Product
pretix-pages
Versions
Default:
unaffected
affected from 0 to 1.6.4 (excl.)
References
https://pretix.eu/about/en/blog/20260625-release-2026-5-2/
Problem Types
CWE-80 Improper neutralization of Script-Related HTML tags in a web page (basic XSS)
CWE
Impacts
stored xss