CVE-2026-57532 (GCVE-0-2026-57532)
Vulnerability from cvelistv5 – Published: 2026-06-25 14:32 – Updated: 2026-06-25 15:04
VLAI
Summary
Malicious HTML content contained in the layout specification of a PDF
ticket or badge layout was executed when the PDF editor is opened in the
browser. This could allow one backend user to inject JavaScript into
the browser context of another backend user. Due to requirements of the
PDF rendering and editing libraries used, this is one of the few pages
in our backend that do not have a strong Content-Security-Policy that
would render this capability useless for most scenarios.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-80 - Improper neutralization of Script-Related HTML tags in a web page (basic XSS)
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T15:04:18.329787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T15:04:24.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "pretix",
"product": "pretix",
"repo": "https://github.com/pretix/pretix",
"vendor": "pretix",
"versions": [
{
"lessThan": "2026.3.4",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "2026.4.4",
"status": "affected",
"version": "2026.4.0",
"versionType": "python"
},
{
"lessThan": "2026.5.2",
"status": "affected",
"version": "2026.5.0",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Malicious HTML content contained in the layout specification of a PDF \nticket or badge layout was executed when the PDF editor is opened in the\n browser. This could allow one backend user to inject JavaScript into \nthe browser context of another backend user. Due to requirements of the \nPDF rendering and editing libraries used, this is one of the few pages \nin our backend that do not have a strong Content-Security-Policy that \nwould render this capability useless for most scenarios."
}
],
"value": "Malicious HTML content contained in the layout specification of a PDF \nticket or badge layout was executed when the PDF editor is opened in the\n browser. This could allow one backend user to inject JavaScript into \nthe browser context of another backend user. Due to requirements of the \nPDF rendering and editing libraries used, this is one of the few pages \nin our backend that do not have a strong Content-Security-Policy that \nwould render this capability useless for most scenarios."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper neutralization of Script-Related HTML tags in a web page (basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T14:32:37.967Z",
"orgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"shortName": "rami.io"
},
"references": [
{
"url": "https://pretix.eu/about/en/blog/20260625-release-2026-5-2/"
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"assignerShortName": "rami.io",
"cveId": "CVE-2026-57532",
"datePublished": "2026-06-25T14:32:37.967Z",
"dateReserved": "2026-06-24T15:59:32.628Z",
"dateUpdated": "2026-06-25T15:04:24.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-57532",
"date": "2026-06-30",
"epss": "0.0033",
"percentile": "0.24716"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-57532\",\"sourceIdentifier\":\"655498c3-6ec5-4f0b-aea6-853b334d05a6\",\"published\":\"2026-06-25T15:16:41.457\",\"lastModified\":\"2026-06-25T16:16:43.063\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Malicious HTML content contained in the layout specification of a PDF \\nticket or badge layout was executed when the PDF editor is opened in the\\n browser. This could allow one backend user to inject JavaScript into \\nthe browser context of another backend user. Due to requirements of the \\nPDF rendering and editing libraries used, this is one of the few pages \\nin our backend that do not have a strong Content-Security-Policy that \\nwould render this capability useless for most scenarios.\"}],\"affected\":[{\"source\":\"655498c3-6ec5-4f0b-aea6-853b334d05a6\",\"affectedData\":[{\"vendor\":\"pretix\",\"product\":\"pretix\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pypi.python.org\",\"packageName\":\"pretix\",\"repo\":\"https://github.com/pretix/pretix\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"2026.3.4\",\"versionType\":\"python\",\"status\":\"affected\"},{\"version\":\"2026.4.0\",\"lessThan\":\"2026.4.4\",\"versionType\":\"python\",\"status\":\"affected\"},{\"version\":\"2026.5.0\",\"lessThan\":\"2026.5.2\",\"versionType\":\"python\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"655498c3-6ec5-4f0b-aea6-853b334d05a6\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-25T15:04:18.329787Z\",\"id\":\"CVE-2026-57532\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"655498c3-6ec5-4f0b-aea6-853b334d05a6\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-80\"}]}],\"references\":[{\"url\":\"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/\",\"source\":\"655498c3-6ec5-4f0b-aea6-853b334d05a6\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"655498c3-6ec5-4f0b-aea6-853b334d05a6\", \"shortName\": \"rami.io\", \"dateUpdated\": \"2026-06-25T14:32:37.967Z\"}, \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-80\", \"description\": \"CWE-80 Improper neutralization of Script-Related HTML tags in a web page (basic XSS)\", \"type\": \"CWE\"}]}], \"impacts\": [{\"capecId\": \"CAPEC-592\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-592 Stored XSS\"}]}], \"affected\": [{\"vendor\": \"pretix\", \"product\": \"pretix\", \"collectionURL\": \"https://pypi.python.org\", \"packageName\": \"pretix\", \"repo\": \"https://github.com/pretix/pretix\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2026.3.4\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"2026.4.0\", \"lessThan\": \"2026.4.4\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"2026.5.0\", \"lessThan\": \"2026.5.2\", \"versionType\": \"python\"}], \"defaultStatus\": \"unaffected\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Malicious HTML content contained in the layout specification of a PDF \\nticket or badge layout was executed when the PDF editor is opened in the\\n browser. This could allow one backend user to inject JavaScript into \\nthe browser context of another backend user. Due to requirements of the \\nPDF rendering and editing libraries used, this is one of the few pages \\nin our backend that do not have a strong Content-Security-Policy that \\nwould render this capability useless for most scenarios.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"Malicious HTML content contained in the layout specification of a PDF \\nticket or badge layout was executed when the PDF editor is opened in the\\n browser. This could allow one backend user to inject JavaScript into \\nthe browser context of another backend user. Due to requirements of the \\nPDF rendering and editing libraries used, this is one of the few pages \\nin our backend that do not have a strong Content-Security-Policy that \\nwould render this capability useless for most scenarios.\"}]}], \"references\": [{\"url\": \"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/\"}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"PASSIVE\", \"vulnConfidentialityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"exploitMaturity\": \"NOT_DEFINED\", \"Safety\": \"NOT_DEFINED\", \"Automatable\": \"NOT_DEFINED\", \"Recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"version\": \"4.0\", \"baseSeverity\": \"HIGH\", \"baseScore\": 8.8, \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\"}}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-57532\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-25T15:04:18.329787Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-25T15:04:21.299Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-57532\", \"assignerOrgId\": \"655498c3-6ec5-4f0b-aea6-853b334d05a6\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"rami.io\", \"dateReserved\": \"2026-06-24T15:59:32.628Z\", \"datePublished\": \"2026-06-25T14:32:37.967Z\", \"dateUpdated\": \"2026-06-25T15:04:24.738Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…