Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
17042.7%CRITICAL

Related CVEs

7
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-50481A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.MEDIUM4.843.1%Jul 23, 2025
CVE-2025-6050Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser.MEDIUM4.817.6%Jun 17, 2025
CVE-2025-29573Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.MEDIUM6.115.2%May 5, 2025
CVE-2024-25170An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.CRITICAL9.154.4%Feb 28, 2024
CVE-2024-25169An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.CRITICAL9.861.4%Feb 28, 2024
CVE-2020-19002Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632.MEDIUM6.162.1%Aug 27, 2021
CVE-2018-16632Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.NONE45.0%Dec 28, 2018