2 matches found
Cross-Site Scripting (XSS)
mezzanine is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the "View Entries" feature within the Forms module, which allows an attacker to inject malicious scripts that execute in the context of another user's session...
Mezzanine allows attackers to bypass access control mechanisms
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request...