CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-12 09:21:42 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8e2ebbf9bd04edab52d0cbcbc6c2f6e2cfdaa67d
CVEs-PoC/2024/CVE-2024-8113.md
T
0xMarcio 8d17e0c8f8 Update CVE sources 2024-08-24 17:55
2024-08-24 17:55:21 +00:00

1008 B
Raw Blame History

CVE-2024-8113

Description

Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (which is not currently known) the vulnerability could be used to impersonate other organizers or staff users.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink