Description
Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (which is not currently known) the vulnerability could be used to impersonate other organizers or staff users.
INFO
Published Date :
2024-08-23T14:18:05.416Z
Last Modified :
2024-08-30T18:40:02.041Z
Source :
rami.io
AFFECTED PRODUCTS
The following products are affected by CVE-2024-8113 vulnerability.
| Vendors | Products |
|---|---|
| Pretix |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8113.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact