VYPR

Pretalx

by Pretalx

pypi: pretalx

Source repositories

CVEs (4)

  • CVE-2026-41241HigApr 23, 2026
    risk 0.50cvss 8.7epss 0.00

    pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields…

  • CVE-2026-41426MedApr 24, 2026
    risk 0.33cvss 6.1epss 0.00

    pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as…

  • CVE-2023-28459Apr 20, 2023
    risk 0.00cvss epss 0.07

    pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.

  • CVE-2023-28458Apr 20, 2023
    risk 0.00cvss epss 0.03

    pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.