VYPR
Vendor

Mezzanine

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2024-25169CriFeb 28, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.

  • CVE-2024-25170CriFeb 28, 2024
    risk 0.59cvss 9.1epss 0.01

    An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.

  • CVE-2025-29573MedMay 5, 2025
    risk 0.40cvss 6.1epss 0.00

    Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.

  • CVE-2025-50481MedJul 23, 2025
    risk 0.34cvss 4.8epss 0.01

    A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.

  • CVE-2018-16632MedDec 28, 2018
    risk 0.31cvss 4.8epss 0.01

    Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.