7 matches found
CVE-2025-6050
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-6050 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-6050 Source advisory: OSV:GHSA-7PR5-W74R-JJJ7...
mezzanine-api (>=0.1.0a1 <=0.7.1) potentially affected by CVE-2025-6050 via mezzanine (=6.0.0)
mezzanine PYPI version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mezzanine and may be impacted: - mezzanine-api =0.1.0a1, =0.7.1 Source cves: CVE-2025-6050 Source advisory: SNYK:PYTHON-MEZZANINE-10379730...
CVE-2025-6050
creationtimestamp| type| source ---|---|--- 2025-06-17 11:38:27+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18580 2025-06-17 15:28:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrssoskvg62r...
CVE-2025-6050 Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-6050 Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-6050
CVE-2025-6050 affects Mezzanine CMS versions before 6.1.1. The vulnerability is a Stored XSS in the admin interface caused by improper sanitization in the displayable_links_js path, where a blog post title containing malicious JavaScript is included in JSON responses served at /admin/displayable_...