PyPI package
mezzanine
pkg:pypi/mezzanine
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-50481 | — | <= 6.1.0 | — | Jul 23, 2025 | A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post. | ||
| CVE-2025-6050 | — | < 6.1.1 | 6.1.1 | Jun 17, 2025 | Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses | ||
| CVE-2025-29573 | — | <= 6.0.0 | — | May 5, 2025 | Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. | ||
| CVE-2024-25170 | — | <= 6.0.0 | — | Feb 28, 2024 | An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header. | ||
| CVE-2024-25169 | — | <= 6.0.0 | — | Feb 28, 2024 | An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request. | ||
| CVE-2020-19002 | — | <= 6.0.0 | — | Aug 27, 2021 | Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632. |
- CVE-2025-50481Jul 23, 2025affected <= 6.1.0
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.
- CVE-2025-6050Jun 17, 2025affected < 6.1.1fixed 6.1.1
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses
- CVE-2025-29573May 5, 2025affected <= 6.0.0
Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.
- CVE-2024-25170Feb 28, 2024affected <= 6.0.0
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.
- CVE-2024-25169Feb 28, 2024affected <= 6.0.0
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.
- CVE-2020-19002Aug 27, 2021affected <= 6.0.0
Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632.