← Back

Jupo

jupo

7 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Mezzanine
mezzanine
7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-50481
1Jupo
1Mezzanine
Jul 28, 2025
Jul 23, 2025
N/A· v4
4.8 MEDIUM· v3
N/A· v2
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.
CVE-2025-6050
1Jupo
1Mezzanine
Jul 30, 2025
Jun 17, 2025
4.8 MEDIUM· v4
4.8 MEDIUM· v3
N/A· v2
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanit...Show more
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser.Show less
CVE-2025-29573
1Jupo
1Mezzanine
Jun 16, 2025
May 5, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.
CVE-2024-25170
1Jupo
1Mezzanine
Apr 28, 2025
Feb 28, 2024
N/A· v4
9.1 CRITICAL· v3
N/A· v2
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.
CVE-2024-25169
1Jupo
1Mezzanine
Mar 28, 2025
Feb 28, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.
CVE-2020-19002
1Jupo
1Mezzanine
Nov 21, 2024
Aug 27, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632.
CVE-2018-16632
1Jupo
1Mezzanine
Nov 21, 2024
Dec 28, 2018
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.