CVE-2026-57532_CVE-2026-57532

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Malicious HTML content contained in the layout specification of a PDF
ticket or badge layout was executed when the PDF editor is opened in the
browser. This could allow one backend user to inject JavaScript into
the browser context of another backend user. Due to requirements of the
PDF rendering and editing libraries used, this is one of the few pages
in our backend that do not have a strong Content-Security-Policy that
would render this capability useless for most scenarios.

AI Analysis

Malicious HTML content injection vulnerability in pretix PDF editor

Basic Information

ID CVE-2026-57532

Source rami.io

Published Jun 25, 2026 at 14:32

Modified Jun 25, 2026 at 15:04

Affected Product

Vendor pretix

Product pretix

Affected Versions pretix pretix 0
pretix pretix 2026.4.0
pretix pretix 2026.5.0

CWE Classification

CWE-80

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Pretix

Product Pretix PDF Editor

Version 0, 2026.4.0, 2026.5.0

References

pretix.eu /about/en/blog/20260625-release-2026-5-2/

{
    "lastseen": "",
    "description": "Malicious HTML content contained in the layout specification of a PDF \nticket or badge layout was executed when the PDF editor is opened in the\n browser. This could allow one backend user to inject JavaScript into \nthe browser context of another backend user. Due to requirements of the \nPDF rendering and editing libraries used, this is one of the few pages \nin our backend that do not have a strong Content-Security-Policy that \nwould render this capability useless for most scenarios.",
    "published": "2026-06-25T14:32:37.967Z",
    "modified": "2026-06-25T15:04:24.738Z",
    "type": "cve",
    "title": "CVE-2026-57532",
    "source": "rami.io",
    "references": "https://pretix.eu/about/en/blog/20260625-release-2026-5-2/",
    "id": "CVE-2026-57532",
    "bulletinFamily": "",
    "cwe": [
        "CWE-80"
    ],
    "cvelist": null,
    "sourceData": "pretix pretix 0\npretix pretix 2026.4.0\npretix pretix 2026.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pretix",
    "version": "0",
    "vendor": "pretix",
    "ai_description": "Malicious HTML content injection vulnerability in pretix PDF editor",
    "ai_severity": "High",
    "ai_vendor": "Pretix",
    "ai_product": "Pretix PDF Editor",
    "ai_version": "0, 2026.4.0, 2026.5.0",
    "ai_score": 8.8
}