CVE-2026-57533
Low, CVSS 2.1
Summary
Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes.
Risk Assessment
The organization is exposed to phishing attacks where users may be redirected to fake pages resembling legitimate ones, potentially leading to theft of login credentials or other sensitive information.
Recommendation
Update pretix to the latest version that includes the fix for this HTML injection. Additionally, consider tightening the Content-Security-Policy and validating all redirect targets.
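The two measures named above (no HTML injection into the redirect notice, and validated redirect targets), as an added example that is not pretix's code or its actual fix. The function names, the page markup and the sample target are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample: a redirect target that carries markup (not from the advisory).
SAMPLE_TARGET = 'https://example.org/"><h1>Notice</h1>'


def render_unsafe(target: str) -> str:
    """'Before' form: the untrusted target is interpolated into HTML as-is."""
    return f'<p>You are leaving this site for <a href="{target}">{target}</a>.</p>'


def is_allowed_target(target: str) -> bool:
    """Accept only absolute http(s) URLs with a host and no whitespace/control chars."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def render_safe(target: str) -> str:
    """Hardened form: validate the target, then escape it for attribute and text use."""
    if not is_allowed_target(target):
        return "<p>The link you followed is not valid.</p>"
    escaped = html.escape(target, quote=True)  # escapes & < > " '
    return (
        "<p>You are leaving this site for "
        f'<a href="{escaped}" rel="noopener noreferrer">{escaped}</a>.</p>'
    )


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_TARGET))  # markup from the target reaches the page
    print(render_safe(SAMPLE_TARGET))    # same target shown as inert text
    print(render_safe("javascript:alert(1)"))  # rejected: not http(s)
```

Escaping covers the injection itself; the scheme and host check is a separate control that keeps non-web targets out of the link.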
Original NVD description (English source)
Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes.

