CVE-2025-6050 – Mezzanine CMS Stored Cross-Site Scripting (XSS) Vulnerability

June 17, 2025

CVE ID : CVE-2025-6050

Published : June 17, 2025, 11:15 a.m. | 3 hours, 11 minutes ago

Description : Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the “displayable_links_js” function, which fails to properly sanitize blog post titles before including them in JSON responses served via “/admin/displayable_links.js”. An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the “/admin/displayable_links.js” endpoint, causing the malicious script to execute in their browser.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3880 – Opinion Stage WordPress Poll Survey Quiz Maker Plugin Unauthorized Data Modification Vulnerability

Next Article CVE-2025-3515 – WordPress Contact Form 7 Drag and Drop Multiple File Upload Remote Code Execution Vulnerability

Highlights

CVE-2025-7805 – Tenda FH451 PPTP Stack Buffer Overflow

July 18, 2025

CVE ID : CVE-2025-7805

Published : July 18, 2025, 8:15 p.m. | 2 hours, 44 minutes ago

Description : A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-6050 – Mezzanine CMS Stored Cross-Site Scripting (XSS) Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

@lib/sixel – Bitmap graphics in the terminal

CVE-2025-46220 – Apache HTTP Server Unvalidated User Input

Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed Including 41 RCE

CVE-2024-7399: Samsung MagicINFO Vulnerability Now Actively Exploited in the Wild

CVE-2025-7805 – Tenda FH451 PPTP Stack Buffer Overflow

My favorite RTS castle builder from 2002 just got a brilliant remaster — and it’s only $16 on PC for a limited time

Distribution Release: Archcraft 2025.04.24

CVE-2025-43879 – ZTE WRH-733GBK/WRH-733GWH OS Command Injection

CVE-2025-6050 – Mezzanine CMS Stored Cross-Site Scripting (XSS) Vulnerability

Related Posts