Mezzanine Security Vulnerabilities and Issues — Mezzanine CVE List

Lucene search

JupoMezzanine

3 matches found

CVE•added 2018/12/28 5:29 p.m.•43 views

CVE-2018-16632

Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.

4.8CVSS5.2AI score0.00235EPSS

CVE•added 2025/06/17 11:15 a.m.•19 views

CVE-2025-6050

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin...

4.8CVSS5.2AI score0.00037EPSS

CVE•added 2025/07/23 4:15 p.m.•8 views

CVE-2025-50481

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.

4.8CVSS5.5AI score0.00051EPSS