Lookup for vulnerable packages by Package URL.
| Purl | pkg:pypi/mezzanine@0.11.7 |
|---|
| Type | pypi |
|---|
| Namespace | |
|---|
| Name | mezzanine |
|---|
| Version | 0.11.7 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 6.1.1 |
|---|
| Latest_non_vulnerable_version | 6.1.1 |
|---|
| Affected_by_vulnerabilities |
| 0 |
|
| 1 |
| url |
VCID-bdtb-8sa4-1qbc |
| vulnerability_id |
VCID-bdtb-8sa4-1qbc |
| summary |
Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/stephenmcd/mezzanine |
| reference_id |
mezzanine |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-06T14:03:22Z/ |
|
|
| url |
https://github.com/stephenmcd/mezzanine |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-29573, GHSA-2544-hpcq-6g27, PYSEC-2025-136
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bdtb-8sa4-1qbc |
|
| 2 |
| url |
VCID-f12a-ma7a-eqe9 |
| vulnerability_id |
VCID-f12a-ma7a-eqe9 |
| summary |
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://ibb.co/hLLPTVp |
| reference_id |
hLLPTVp |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T14:06:37Z/ |
|
|
| url |
https://ibb.co/hLLPTVp |
|
| 5 |
| reference_url |
https://ibb.co/JKh4hmD |
| reference_id |
JKh4hmD |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T14:06:37Z/ |
|
|
| url |
https://ibb.co/JKh4hmD |
|
| 6 |
| reference_url |
https://ibb.co/Pt9qd8t |
| reference_id |
Pt9qd8t |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T14:06:37Z/ |
|
|
| url |
https://ibb.co/Pt9qd8t |
|
| 7 |
| reference_url |
https://ibb.co/rfrKj3r |
| reference_id |
rfrKj3r |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T14:06:37Z/ |
|
|
| url |
https://ibb.co/rfrKj3r |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-25169, GHSA-qp56-82vp-xqgv
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f12a-ma7a-eqe9 |
|
| 3 |
| url |
VCID-k4aw-mteq-6feg |
| vulnerability_id |
VCID-k4aw-mteq-6feg |
| summary |
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/stephenmcd/mezzanine |
| reference_id |
mezzanine |
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T17:18:38Z/ |
|
|
| url |
https://github.com/stephenmcd/mezzanine |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-50481, GHSA-269j-37ww-cmh3, PYSEC-2025-137
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k4aw-mteq-6feg |
|
| 4 |
| url |
VCID-v9zg-9xec-zbd7 |
| vulnerability_id |
VCID-v9zg-9xec-zbd7 |
| summary |
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-6050, GHSA-7pr5-w74r-jjj7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v9zg-9xec-zbd7 |
|
| 5 |
| url |
VCID-ymua-vd7r-ybbe |
| vulnerability_id |
VCID-ymua-vd7r-ybbe |
| summary |
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://ibb.co/DpxHpz9 |
| reference_id |
DpxHpz9 |
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-19T21:05:27Z/ |
|
|
| url |
https://ibb.co/DpxHpz9 |
|
| 4 |
|
| 5 |
| reference_url |
https://ibb.co/T0fhLwR |
| reference_id |
T0fhLwR |
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-19T21:05:27Z/ |
|
|
| url |
https://ibb.co/T0fhLwR |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-25170, GHSA-22cc-w7xm-rfhx
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ymua-vd7r-ybbe |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 10.0 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:pypi/mezzanine@0.11.7 |
|---|