mezzanine
PyPI | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mezzanine (page 1 of 1)
- CVE-2020-19002 | MEDIUM | CVSS 6.1 | EG 6.1 | 2021-08-27
vulnerable: 0.1 ... 6.1.1 (141 versions)
Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632.
- CVE-2024-25169 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-02-28
vulnerable: 0.1 ... 6.0.0 (138 versions)
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.
- CVE-2024-25170 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-02-28
vulnerable: 0.1 ... 6.0.0 (138 versions)
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.
- CVE-2025-6050 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 6.1.1 | 2025-06-17
vulnerable: 0.1 ... 6.1.0 (140 versions)
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post title…