
CVE-2025-6050

· Published 17/06/2025 11:15 · Modified 17/06/2025 11:15

Labels: CVE-2025-6050 · 2025-06-17 · 596c5446-0ce5-4ba2-aa66-48b3b757a647 · CWE-79

Essential information

Published: 17/06/2025 11:15
Modified: 17/06/2025 11:15
Author: Creator
CVSS: 4.8 MEDIUM (v3) · 4.8 MEDIUM (v4.0)
CISA KEV: No
CWE: CWE-79
CVSS vector:

CVSS metrics

Description

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser.
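The pattern the description outlines, as an added worked example (this is not Mezzanine's code or its patch, and the real view and fix may differ): a handler serialises post titles with json.dumps() and hands the body back with a text/html content type, which is what a bare Django HttpResponse defaults to (an assumption about the vulnerable implementation, stated here because the page does not give the code). json.dumps() escapes quotes but not angle brackets, so a browser opening the URL directly parses the body as HTML and runs any script element carried in a title. The hardened variant escapes the titles, declares application/json and adds nosniff. The sample titles and the helper names (vulnerable_links_response, hardened_links_response, is_affected, run_demo) are constructed for this illustration.

```python
import html
import json

# Constructed sample titles standing in for blog post titles that an
# authenticated admin has saved. The second is a demonstration payload of the
# kind the advisory describes, not an exploit string taken from anywhere.
SAMPLE_TITLES = [
    "Welcome to the blog",
    "<script>alert(document.cookie)</script>",
    'Quotes "and" ampersands & angle brackets <b>',
]


def vulnerable_links_response(titles):
    """Model of the weak pattern (assumed, not Mezzanine's actual view):
    json.dumps() the titles and return the body with a text/html content type,
    which is Django's HttpResponse default when none is given.

    json.dumps escapes quotes and backslashes but leaves '<' and '>' alone, so
    a browser that opens this URL directly treats the body as an HTML document
    and executes any <script> element embedded in a title.
    """
    body = json.dumps(titles)
    headers = {"Content-Type": "text/html; charset=utf-8"}
    return headers, body


def hardened_links_response(titles):
    """Hardened equivalent (an assumed mitigation, not the 6.1.1 patch):
    1. HTML-escape every title before serialisation, so the payload is inert
       even if some consumer later injects the string into the DOM as HTML;
    2. declare the body as application/json so browsers do not render it;
    3. send X-Content-Type-Options: nosniff so the declared type is honoured.
    """
    safe_titles = [html.escape(t, quote=True) for t in titles]
    body = json.dumps(safe_titles)
    headers = {
        "Content-Type": "application/json",
        "X-Content-Type-Options": "nosniff",
    }
    return headers, body


def renders_as_html(headers):
    """Browsers execute inline scripts from a response only when they treat it
    as HTML; this is the property the content-type change takes away."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    return ctype == "text/html"


def contains_live_script_tag(body):
    """Crude check used by the demonstration: is a raw <script ...> element
    present in the bytes the browser would receive?"""
    return "<script" in body.lower()


def is_affected(version):
    """True for Mezzanine releases below 6.1.1, the fixed version named above.
    Only plain dotted numeric version strings are handled."""
    parts = tuple(int(p) for p in version.split("."))
    return parts < (6, 1, 1)


def run_demo(titles=SAMPLE_TITLES):
    """Compare both response builders on the same titles and report the
    properties that matter for this bug."""
    vuln_headers, vuln_body = vulnerable_links_response(titles)
    safe_headers, safe_body = hardened_links_response(titles)
    return {
        "vulnerable_renders_as_html": renders_as_html(vuln_headers),
        "vulnerable_has_script_tag": contains_live_script_tag(vuln_body),
        "hardened_renders_as_html": renders_as_html(safe_headers),
        "hardened_has_script_tag": contains_live_script_tag(safe_body),
        # Escaping is reversible, so a JSON consumer still gets the real titles.
        "hardened_round_trips": [html.unescape(t) for t in json.loads(safe_body)] == titles,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
    for v in ("6.0.9", "6.1.0", "6.1.1"):
        print(f"Mezzanine {v} affected: {is_affected(v)}")
```

When checking a live instance, the equivalent manual test is to fetch /admin/displayable_links.js as an admin and look at the Content-Type header and whether angle brackets from a test title come back unescaped; the escaping and the content type are independent controls, and the hardened builder applies both because either alone leaves a consumer that mishandles the data exposed.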

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 596c5446-0ce5-4ba2-aa66-48b3b757a647
NVD: View on NVD

Affected products (CPE)

Product: mezzanine / mezzanine
CPE: cpe:2.3:a:mezzanine:mezzanine:*:*:*:*:*:*:*:* (versions before 6.1.1)

References