XSS in Pretix

CVE-2026-57532

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of a…

Affected products

  • Pretix — versions 0, 2026.4.0, 2026.5.0

Weakness classification (CWE)

References