CVE-2026-41241 - Vulnerability Analysis
Severity: High
CVSS: 8.7
Last Updated: April 23, 2026
pretalx - Stored XSS
Published: April 23, 2026
Updated: April 23, 2026
Remote exploitable
Overview
pretalx before 2026.1.0 contains a stored XSS caused by unsafe innerHTML interpolation of submission titles, speaker names, and user emails in organiser search results. Any user can thereby execute JavaScript in an organiser's browser; the exploit requires the organiser to perform a search that matches the malicious input.
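The root cause described above is a rendering pattern, not a single field. The following is an added example, not pretalx code: a search-result row built by interpolating untrusted submission fields into markup, beside the same row rendered with HTML escaping (and, for a browser, with textContent). The record and the "/submissions/" route are constructed for the demo.

```javascript
// Added example (not pretalx code): untrusted submission fields interpolated
// into markup versus rendered as text. The string functions run under Node
// without a DOM; the last helper shows the same fix in a browser.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: title, speaker name and e-mail land in the markup
// unchanged, so a '<' in any of them is parsed as a tag once the string is
// assigned to innerHTML.
function renderResultUnsafe(r) {
  return `<li><a href="/submissions/${r.code}/">${r.title}</a> ` +
         `<span>${r.speaker} (${r.email})</span></li>`;
}

// Hardened pattern: every untrusted field is HTML-escaped for the element
// context, and the field used in the URL path is percent-encoded for that
// context. ("/submissions/" is a hypothetical route, not pretalx's.)
function renderResultSafe(r) {
  return `<li><a href="/submissions/${encodeURIComponent(r.code)}/">${escapeHtml(r.title)}</a> ` +
         `<span>${escapeHtml(r.speaker)} (${escapeHtml(r.email)})</span></li>`;
}

// Browser-only variant: build nodes and assign untrusted values through
// textContent, so user data is never parsed as HTML at all.
function appendResultNode(listEl, r) {
  const doc = listEl.ownerDocument;
  const li = doc.createElement('li');
  const a = doc.createElement('a');
  a.href = `/submissions/${encodeURIComponent(r.code)}/`;
  a.textContent = r.title;
  const span = doc.createElement('span');
  span.textContent = `${r.speaker} (${r.email})`;
  li.append(a, ' ', span);
  listEl.appendChild(li);
  return li;
}

// Constructed sample record (not real data) whose title carries markup.
const SAMPLE = {
  code: 'ABC123',
  title: 'Keynote <script>/* injected */</script>',
  speaker: 'A. Speaker',
  email: 'speaker@example.org',
};
```

A server-side template engine with autoescaping gives the same protection for server-rendered pages; the client-side search code here is exactly the place where that protection is bypassed when results are assembled by string concatenation.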
Severity & Score
Severity: High
CVSS Score: 8.7
Impact
Attackers can execute arbitrary JavaScript in an organiser's browser, potentially stealing credentials or performing actions on behalf of the organiser.
Mitigation
Update to version 2026.1.0 or later.
Details
- CVE ID: CVE-2026-41241
- Severity: High
- CVSS Score: 8.7
- Type: stored_xss
- Status: new
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N