CVE-2025-6050 – Mezzanine CMS Stored Cross-Site Scripting (XSS) Vulnerability

June 17, 2025

CVE ID : CVE-2025-6050

Published : June 17, 2025, 11:15 a.m. | 3 hours, 11 minutes ago

Description : Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the “displayable_links_js” function, which fails to properly sanitize blog post titles before including them in JSON responses served via “/admin/displayable_links.js”. An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the “/admin/displayable_links.js” endpoint, causing the malicious script to execute in their browser.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3880 – Opinion Stage WordPress Poll Survey Quiz Maker Plugin Unauthorized Data Modification Vulnerability

Next Article CVE-2025-3515 – WordPress Contact Form 7 Drag and Drop Multiple File Upload Remote Code Execution Vulnerability

Highlights

CVE-2024-13914 – “WordPress File Manager Advanced Shortcode Local File Inclusion Vulnerability”

May 15, 2025

CVE ID : CVE-2024-13914

Published : May 15, 2025, 6:15 a.m. | 2 hours, 31 minutes ago

Description : The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via the ‘file_manager_advanced’ shortcode. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Sites currently using 2.5.4 (file-manager-advanced-shortcode) should be updated to 2.6.0 (advanced-file-manager-pro-premium).

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-6050 – Mezzanine CMS Stored Cross-Site Scripting (XSS) Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-8744 – CesiumLab Web SQL Injection Vulnerability

CVE-2025-5292 – Elementor Element Pack Addons Stored Cross-Site Scripting Vulnerability

XO – configurable ESLint wrapper

CVE-2025-23260 – NVIDIA AIStore Kubernetes ClusterRole Escalation of Privilege

CVE-2024-13914 – “WordPress File Manager Advanced Shortcode Local File Inclusion Vulnerability”

Steam Deck seems to have quietly gained support for another popular online game — no anticheat block anymore

L’approssimarsi della fine di Windows 10: è il momento di considerare GNU/Linux e LibreOffice

Data Vs. Findings Vs. Insights In UX

CVE-2025-6050 – Mezzanine CMS Stored Cross-Site Scripting (XSS) Vulnerability

Related Posts