Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2025/06/17 12:31 p.m.9 views

Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

4.8CVSS5.2AI score0.00263EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2025/06/17 11:42 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the displayablelinksjs function. An attacker can execute arbitrary JavaScript code in the context of another authenticated admin user's browser by creating a blog post with a crafted title and tricking the...

4.8CVSS5.3AI score0.00263EPSS
Exploits1References2
OSV
OSV
added 2025/06/17 11:15 a.m.4 views

PYSEC-2025-236

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

4.8CVSS5.9AI score0.00263EPSS
Exploits1References4
PyPA
PyPA
added 2025/06/17 11:15 a.m.4 views

PYSEC-2025-236

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

4.8CVSS5.9AI score0.00263EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.16 views

mezzanine 跨站脚本漏洞

mezzanine is a Django CMS framework by stephenmcd individual developers. A cross-site scripting vulnerability exists in mezzanine versions prior to 6.1.1, which stems from insufficient cleanup of the displayablelinksjs function and could lead to a stored cross-site scripting attack...

4.8CVSS5.7AI score0.00263EPSS
Exploits1References3
Rows per page
Query Builder