High severity · NVD Advisory · Published Aug 23, 2024 · Updated Aug 30, 2024
Stored XSS in Placeholder Samples in Mail Preview
CVE-2024-8113
Description
Stored XSS in the organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into the e-mail previews shown on the settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (none is currently known), the vulnerability could be used to impersonate other organizers or staff users.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pretix (PyPI) | < 2024.7.1 | 2024.7.1 |
References
- github.com/advisories/GHSA-45rp-q25w-4426 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-8113 (NVD advisory)
- github.com/pretix/pretix/commit/0f44a2ad4e170882dbe6b9d95dba6c36e4e181cf (web)
- github.com/pypa/advisory-database/tree/main/vulns/pretix/PYSEC-2024-180.yaml (web)
- pretix.eu/about/en/blog/20240823-release-2024-7-1 (release notes)