Vendor
Mezzanine
Products
1
CVEs
5
Across products
5
Status
Private
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25169 | Cri | 0.64 | 9.8 | 0.01 | Feb 28, 2024 | An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request. | ||
| CVE-2024-25170 | Cri | 0.59 | 9.1 | 0.01 | Feb 28, 2024 | An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header. | ||
| CVE-2025-29573 | Med | 0.40 | 6.1 | 0.00 | May 5, 2025 | Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. | ||
| CVE-2025-50481 | Med | 0.34 | 4.8 | 0.01 | Jul 23, 2025 | A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post. | ||
| CVE-2018-16632 | Med | 0.31 | 4.8 | 0.01 | Dec 28, 2018 | Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/. |
- risk 0.64cvss 9.8epss 0.01
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.
- risk 0.59cvss 9.1epss 0.01
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.
- risk 0.40cvss 6.1epss 0.00
Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.
- risk 0.34cvss 4.8epss 0.01
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.
- risk 0.31cvss 4.8epss 0.01
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.