XSS in Pretix

CVE-2026-57535

Content injected into PDF rendering contexts could, in many places, include HTML content, including <img> tags. If the src attribute of these images pointed to a URL, the PDF rendering engine would download the image from that place and di…

Affected products

  • Pretix — versions 0, 2026.4.0, 2026.5.0
