CVE-2024-8113 - Pretix Stored XSS Allowance
<strong>CVE ID : </strong>CVE-2024-8113
<br>
<strong>Published : </strong> Aug. 23, 2024, 3:15 p.m. | 2 hours, 8 minutes ago
<br>
<strong>Description : </strong>Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (which is not currently known) the vulnerability could be used to impersonate other organizers or staff users.
<br>
<strong>Severity:</strong> 0.0 | NA
<br>
Visit the link for more details, such as CVSS details, affected products, timeline, and more...