{"id":"CVE-2026-57533","details":"Malicious HTML content could be injected into the page pretix shows when\n redirection to an untrusted page occurs. Since this page has a \nContent-Security-Policy, this can mainly be used for phishing purposes.","modified":"2026-07-15T01:48:59.676733751Z","published":"2026-06-25T14:31:18.968Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57533.json","cna_assigner":"rami.io","cwe_ids":["CWE-80"]},"references":[{"type":"WEB","url":"https://pypi.python.org"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57533.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57533"},{"type":"PACKAGE","url":"https://github.com/pretix/pretix"},{"type":"ARTICLE","url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pretix/pretix","events":[{"introduced":"0"},{"fixed":"7ed69a8ef77a9baa995918dde784a58fdb6f31d0"},{"introduced":"75c8f97080268d6ef2787108fe5a7e1a47b19e2a"},{"fixed":"2923799b0a36ffd378826b736196c532052709e0"},{"introduced":"dfd388ddebce33ee64d5b201f8ac8a3476192caa"},{"fixed":"7faf6cfd80002d52f4fcec55add989cfbc3576a7"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2026.3.4"},{"introduced":"2026.4.0"},{"fixed":"2026.4.4"},{"introduced":"2026.5.0"},{"fixed":"2026.5.2"}],"source":"AFFECTED_FIELD"}}],"versions":["v2026.5.1","v2026.4.3","v2026.3.3","v2026.4.2","v2026.5.0","v2026.3.2","v2026.3.1","v2026.4.1","v2026.4.0","v2026.2.0","v2026.3.0","v2026.1.0","v2025.10.0","v2025.9.0","v2025.8.0","v2025.7.0","v2025.6.0","v2025.5.0","v2025.4.0","v2025.3.0","v2025.2.0","v2025.1.0","v2024.11.0","v2024.10.0","v2024.9.0","v2024.8.0","v2024.7.0","v2024.6.0","v2024.5.0","v2024.4.0","v2024.3.0","v2024.2.0","v2023.8.0","v2023.9.0","v2024.1.0","v2023.10.0","v2023.7.0","v2023.6.0","v4.20.0","v4.19.0","v4.18.0","v4.15.0","v4.16.0","v4.17.0","v4.14.0","v4.13.0","v4.9.0","v4.10.0","v4.11.0","v4.8.0","v4.6.0","v4.7.0","v4.3.0","v4.5.0","v4.2.0","v4.1.0","v4.0.0","v3.18.0","v3.17.0","v3.16.0","v3.15.0","v3.14.0","v3.13.0","v3.11.0","v3.10.0","v3.9.0","v3.8.0","v3.7.0","v3.6.0","v3.5.0","v3.4.0","v3.3.0","v3.2.0","v3.1.0","v3.0.0","v2.8.0","v2.7.0","s","v2.6.0","v2.5.0","v2.4.0","v2.3.0","v2.2.0","v2.1.0","v2.0.0","v1.17.0","v1.16.0","v1.15.0","v1.14.0","v1.13.0","v1.12.0","v1.11.0","v1.10.0","v1.9.0","v1.8.0","v1.7.0","v1.6.0","v1.5.0","v1.4.0","v1.3.0","v1.2.0","v1.1.0","1.0.0","1.0.0b2","1.0.0b1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57533.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"}]}