Mezzanine Security Vulnerabilities and Issues — Mezzanine CVE List

Lucene search

JupoMezzanine

7 matches found

CVE•added 2024/02/28 8:15 p.m.•5695 views

CVE-2024-25170

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.

9.1CVSS6.7AI score0.01371EPSS

CVE•added 2024/02/28 8:15 p.m.•116 views

CVE-2024-25169

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.

9.8CVSS6.5AI score0.00804EPSS

CVE•added 2025/05/05 7:15 p.m.•44 views

CVE-2025-29573

Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.

6.1CVSS5.6AI score0.00051EPSS

CVE•added 2018/12/28 5:29 p.m.•43 views

CVE-2018-16632

Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.

4.8CVSS5.2AI score0.00235EPSS

CVE•added 2021/08/27 7:15 p.m.•40 views

CVE-2020-19002

Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632.

6.1CVSS5.6AI score0.00427EPSS

CVE•added 2025/06/17 11:15 a.m.•19 views

CVE-2025-6050

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin...

4.8CVSS5.2AI score0.00037EPSS

CVE•added 2025/07/23 4:15 p.m.•9 views

CVE-2025-50481

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.

4.8CVSS5.5AI score0.00051EPSS