CVE-2025-6050
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-6050
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6050.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-6050
- Aliases
- Published
- 2025-06-17T11:15:22Z
- Modified
- 2025-07-30T20:53:29.989529Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayablelinks.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayablelinks.js" endpoint, causing the malicious script to execute in their browser.
- References
Affected packages
Git / github.com/stephenmcd/mezzanine
Affected ranges
- Type
- GIT
- Repo
- https://github.com/stephenmcd/mezzanine
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.11
0.11.1
0.11.10
0.11.2
0.11.3
0.11.4
0.11.5
0.11.6
0.11.7
0.11.8
0.11.9
0.12
0.12.1
0.12.2
0.12.3
0.12.4
0.2.3
0.2.4
0.4
0.5
0.5.3
0.5.4
0.6
0.6.1
0.6.2
0.6.3
0.6.4
0.7
0.7.1
0.7.2
0.7.3
0.8
0.8.5
0.9
1.*
1.0.0
1.0.1
1.0.10
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.4.0
1.4.1
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.10
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
4.*
4.0.0
4.0.1
v0.*
v0.1.1
v0.1.2
v0.10
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.11
v0.11.1
v0.11.10
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.2.3
v0.2.4
v0.3.2
v0.3.3
v0.4
v0.5
v0.5.3
v0.5.4
v0.6
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.7
v0.7.1
v0.7.2
v0.7.3
v0.8
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.9
v0.9.1
v1.*
v1.0.0
v1.0.1
v1.0.10
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.2.4
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.1
v3.1.10
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v4.*
v4.0.0
v4.0.1
v4.1.0
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.3.0
v4.3.1
v5.*
v5.0.0-alpha.1
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v6.*
v6.0.0
v6.0.1
v6.1.0
Other
wab-2015-03-05
wab-2015-03-05-2