Jupo Mezzanine vulnerabilities
7 known vulnerabilities affecting jupo/mezzanine.
Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 5
Vulnerabilities
CVE-2024-25170 | P3 | CRITICAL | CVSS 9.1 | v6.0.0 | 2024-02-28
CWE-863
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.
ghsa, nvd, osv
CVE-2024-25169 | P3 | CRITICAL | CVSS 9.8 | v6.0.0 | 2024-02-28
CWE-284
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.
ghsa, nvd, osv
CVE-2025-50481 | P4 | MEDIUM | CVSS 4.8 | PoC | v6.1.0 | 2025-07-23
CWE-79
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.
ghsa, nvd, osv
CVE-2020-19002 | P4 | MEDIUM | CVSS 6.1 | v4.3.1 | 2021-08-27
Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632.
ghsa, nvd, osv
CVE-2025-29573 | P4 | MEDIUM | CVSS 6.1 | v6.0.0 | 2025-05-05
CWE-79
Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.
ghsa, nvd, osv
CVE-2025-6050 | P4 | MEDIUM | CVSS 4.8 | fixed in 6.1.1 | ≥ 0.1, < 6.1.1 | 2025-06-17
CWE-79
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can
ghsa, nvd, osv
CVE-2018-16632 | P4 | MEDIUM | CVSS 4.8 | v4.3.1 | 2018-12-28
CWE-79
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.
nvd