NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-13225
Summary

Malicious HTML content could be injected into the email address of an
order, which pretix showed without sanitization on the confirmation page
for individual tickets in that order.

Publication Date June 26, 2026, 12:16 a.m.
Registration Date June 27, 2026, 4:28 a.m.
Last Update June 26, 2026, 1:16 a.m.
Related information, measures and tools
Common Vulnerabilities List