Pretix · Pretix · CVE-2025-13742
**Name of the Vulnerable Software and Affected Versions**
pretix (affected versions not specified)
**Description**
The software allows placeholders in email templates to be populated with customer data, such as the attendee's name. If a customer's name contains HTML or Markdown formatting, that formatting is rendered in the final email. A strict allow-list approach prevents cross-site scripting (XSS) and similar attacks, but the rendered formatting can still be exploited to manipulate emails, potentially enabling phishing attacks by making user-provided content appear trustworthy. The issue lies in the rendering of potentially malicious formatting within the `name` placeholder when emails are constructed.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
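One way to keep a placeholder value from being interpreted as formatting is to render the trusted template first and insert HTML-escaped values afterwards. The sketch below is an added example, not pretix's code or its fix. The names `toy_markdown`, `render_naive` and `render_hardened`, the `{name}` placeholder syntax and the sample values are assumptions made for the illustration.

```python
import html
import re
import secrets

# Constructed sample data; the {name} placeholder syntax is an assumption.
TEMPLATE = "Hello **{name}**, your ticket is attached."
SAMPLE_NAME = "Alex [link text](https://example.invalid/)"


def toy_markdown(text: str) -> str:
    """Stand-in renderer for this example: only **bold** and [text](url)."""
    text = re.sub(r"\*\*(.+?)\*\*", r"<strong>\1</strong>", text)
    return re.sub(r"\[(.+?)\]\((https?://[^)\s]+)\)", r'<a href="\2">\1</a>', text)


def render_naive(template: str, context: dict) -> str:
    """Fill placeholders first, then render: formatting in values becomes markup."""
    return toy_markdown(template.format_map(context))


def render_hardened(template: str, context: dict) -> str:
    """Render the trusted template first, then insert HTML-escaped values."""
    # Random alphanumeric tokens pass through the renderer unchanged and
    # cannot be predicted by whoever supplied the values.
    tokens = {key: "PH" + secrets.token_hex(8) for key in context}
    rendered = toy_markdown(template.format_map(tokens))
    for key, token in tokens.items():
        rendered = rendered.replace(token, html.escape(str(context[key])))
    return rendered


if __name__ == "__main__":
    print(render_naive(TEMPLATE, {"name": SAMPLE_NAME}))
    print(render_hardened(TEMPLATE, {"name": SAMPLE_NAME}))
```

With a real Markdown renderer the same two-phase order applies, provided the tokens survive rendering unchanged.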