116 matches found
EUVD-2018-8437
Malware in sbrugna...
EUVD-2021-0134
Malware in sbrugna...
EUVD-2025-13438
Malicious code in bioql PyPI...
EUVD-2025-18488
Malicious code in bioql PyPI...
EUVD-2025-22459
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Mezzanine CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability stems from improper input sanitization: the /blog/blogpost/add component fails to filter user-supplied input, allowing injection of malicious scripts into blog posts...
Mezzanine CMS 6.1.0 Cross Site Scripting
Mezzanine CMS version 6.1.0 suffers from a persistent cross-site scripting vulnerability. Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting (XSS) via component /blog/blogpost/add Date: 23/07/2025 Exploit Author: Kevin Dicks Vendor Homepage: https://github.com/stephenmcd/mezzanine Softwa...
Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting (XSS) via component /blog/blogpost/add Date: 23/07/2025 Exploit Author: Kevin Dicks Vendor Homepage: https://github.com/stephenmcd/mezzanine Software Link: https://github.com/stephenmcd/mezzanine Version: 6.1.0 Category: Web Application...
CVE-2025-50481
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-50481 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-50481 Source advisory: OSV:GHSA-269J-37WW-CMH3...
GHSA-269J-37WW-CMH3 Mezzanine CMS vulnerable to Cross-site Scripting
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...
Mezzanine CMS vulnerable to Cross-site Scripting
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...
mezzanine-api (>=0.1.0a1 <=0.7.1) potentially affected by CVE-2025-50481 via mezzanine (=6.0.0)
mezzanine PyPI version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mezzanine and may be impacted: - mezzanine-api >=0.1.0a1, <=0.7.1 Source CVEs: CVE-2025-50481 Source advisory: SNYK:PYTHON-MEZZANINE-10905844...
open-helpdesk (>=0.4.1 <=0.4.4) potentially affected by CVE-2025-50481 via mezzanine (=3.1.10)
mezzanine PyPI version =3.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on mezzanine and may be impacted: - open-helpdesk >=0.4.1, <=0.4.4 Source CVEs: CVE-2025-50481 Source advisory: OSV:PYSEC-2025-137...
PYSEC-2025-137
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...
cartridge-braintree (>=1.2.1 <=1.2.2), django-clubhouse (>=0.0.1 <=0.2.19) +1 more potentially affected by CVE-2025-50481 via mezzanine (>=4.1.0 <=4.3.1)
mezzanine PYPI version =4.1.0, =1.2.1, =0.0.1, =0.1.0b1, =1.7.1 Source cves: CVE-2025-50481 Source advisory: OSV:PYSEC-2025-137...
cartridge (>=1.0.0b1 <=1.3.1) potentially affected by CVE-2025-50481 via mezzanine (=5.1.4)
mezzanine PyPI version =5.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on mezzanine and may be impacted: - cartridge >=1.0.0b1, <=1.3.1 Source CVEs: CVE-2025-50481 Source advisory: OSV:PYSEC-2025-137...