Description

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields (which includes any registered user whose display name is looked up by an administrator) could include HTML or JavaScript that would execute in an organiser's browser when the organiser's search query matched the malicious record. This vulnerability is fixed in 2026.1.0.

INFO

Published Date :

2026-04-23T18:30:56.991Z

Last Modified :

2026-04-23T19:23:19.257Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41241 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41241.

URL Resource
https://github.com/pretalx/pretalx/security/advisories/GHSA-cjcx-jfp2-f7m2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact