cvedb.io
CVE-2025-6050
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2025-06-17T11:15:22.400 · Last modified 2026-06-17T10:01:03.470

Summary

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser.

Affected products

jupo — mezzanine

Does this affect you?

Add your gear to cvedb and we'll alert you only when jupo ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.