Description

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser.

INFO

Published Date :

2025-06-17T11:06:12.360Z

Last Modified :

2025-07-24T15:30:10.501Z

Source :

Checkmarx
AFFECTED PRODUCTS

The following products are affected by CVE-2025-6050 vulnerability.

Vendors Products
Jupo
  • Mezzanine
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6050.

URL Resource
https://advisory.checkmarx.net/advisory/CVE-2025-6050/ cve-icon cve-icon
https://github.com/stephenmcd/mezzanine/commit/898630d8df48cf3ddb8b9942f59168b93216e3f8 cve-icon cve-icon
https://github.com/stephenmcd/mezzanine/discussions/2080 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact