CVE-2024-8113
CVSS v2: none assigned
CVSS v3: none assigned
Description
Stored XSS in the organizer and event settings of pretix up to 2024.7.0 allows a malicious event organizer to inject HTML tags into the e-mail previews shown on the settings page. The default Content Security Policy (CSP) shipped with pretix prevents execution of attacker-provided scripts, which makes exploitation unlikely. Combined with a CSP bypass (none is currently known), however, the injected markup could be used to impersonate other organizers or staff users. Note that CSP only restricts script execution: attacker-controlled HTML without script is still rendered, so the residual risk is content spoofing in the preview, not code execution. The referenced 2024.7.1 release notes are the vendor's fix announcement.
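The following is an added illustration of the bug class described above; it is not pretix's code, and the template shape, the setting value and the CSP header strings are constructed assumptions. It contrasts raw interpolation of an organizer-controlled setting into an HTML preview with the escaped form, provides a check that flags tags the template did not produce, and shows a rough CSP evaluation of why an inline event-handler payload stays inert under a policy without 'unsafe-inline'.

```python
"""Stored-XSS-in-preview illustration (hypothetical, not pretix code).

Shows: (1) unescaped interpolation of an organizer-supplied setting into an
HTML e-mail preview, (2) the escaped/hardened form, (3) a detector for tags the
template did not emit, (4) a rough check of whether a CSP would block inline
handlers such as onerror=... (why the default policy blunts the bug).
"""
import html
import re

# Constructed sample value: an organizer sets the event name to HTML with an
# inline event handler. Hypothetical payload, not taken from any advisory.
MALICIOUS_EVENT_NAME = '<img src=x onerror="alert(document.cookie)">Conference'


def render_preview_vulnerable(event_name: str, body: str) -> str:
    """Vulnerable pattern: untrusted strings dropped straight into markup."""
    return f"<p>Preview for {event_name}</p><div>{body}</div>"


def render_preview_fixed(event_name: str, body: str) -> str:
    """Hardened pattern: every untrusted value is HTML-escaped first."""
    return (f"<p>Preview for {html.escape(event_name)}</p>"
            f"<div>{html.escape(body)}</div>")


# Matches opening tags only (closing tags start with '</' and are skipped).
TAG_RE = re.compile(r"<\s*[a-zA-Z][^>]*>")
TAG_NAME_RE = re.compile(r"<\s*/?\s*([a-zA-Z]+)")


def contains_injected_tag(rendered: str, allowed_tags=("p", "div")) -> bool:
    """True if the rendered HTML contains an opening tag the template itself
    never emits. allowed_tags lists the tags our fixed template produces."""
    for match in TAG_RE.finditer(rendered):
        name = TAG_NAME_RE.match(match.group(0)).group(1).lower()
        if name not in allowed_tags:
            return True
    return False


def csp_blocks_inline_scripts(csp_header: str) -> bool:
    """Rough CSP evaluation for inline script and inline event handlers.

    script-src (falling back to default-src) blocks inline handlers unless it
    contains 'unsafe-inline'. Per CSP Level 2+, a nonce or hash source in the
    same directive makes browsers ignore 'unsafe-inline', and an injected
    onerror= attribute carries neither a nonce nor a matching hash.
    """
    directives = {}
    for part in csp_header.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return False  # no script restriction at all
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
        for s in sources
    )
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        return False
    return True


if __name__ == "__main__":
    vuln = render_preview_vulnerable(MALICIOUS_EVENT_NAME, "Hello")
    fixed = render_preview_fixed(MALICIOUS_EVENT_NAME, "Hello")
    print("vulnerable preview injects a tag:", contains_injected_tag(vuln))
    print("fixed preview injects a tag:", contains_injected_tag(fixed))
    print("strict CSP blocks onerror:",
          csp_blocks_inline_scripts("default-src 'self'; script-src 'self'"))
    print("lax CSP blocks onerror:",
          csp_blocks_inline_scripts("script-src 'self' 'unsafe-inline'"))
```

The detector is a template-specific check, not a general HTML sanitizer; in a real code base the fix is to keep autoescaping on in the template engine (or use a safe-markup type) rather than to escape by hand in each view.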
Overview
- CVE ID: CVE-2024-8113
- Assigner: rami.io
- Vulnerability Status: PUBLISHED
- Published Date: 2024-08-23T14:18:05.416Z
- Last Modified Date: 2024-08-23T14:24:05.228Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://pretix.eu/about/en/blog/20240823-release-2024-7-1/ | release-notes |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8113 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8113 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-08-24 13:03:54 | | | | Added to TrackCVE |