CVE ID : CVE-2025-6050
Published : June 17, 2025, 11:15 a.m. | 3 hours, 11 minutes ago
Description : Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the “displayable_links_js” function, which fails to properly sanitize blog post titles before including them in JSON responses served via “/admin/displayable_links.js”. An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the “/admin/displayable_links.js” endpoint, causing the malicious script to execute in their browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More