Mezzanine CMS

CVEs (3)

• CVE-2025-50481Jul 23, 2025
  Mezzanine

  Mezzanine CMS
  risk 0.03cvss —epss 0.00

  A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.

• CVE-2025-6050Jun 17, 2025
  Mezzanine

  Mezzanine CMS
  risk 0.00cvss —epss 0.00

  Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser.

• CVE-2025-29573May 5, 2025
  Mezzanine

  Mezzanine CMS
  risk 0.00cvss —epss 0.00

  Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.