Every CVE whose affected-product data names Jupo Mezzanine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-25169 — CVSS 9.8 (critical): An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.
CVE-2020-19002 — CVSS 6.1 (medium): Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the…
CVE-2025-29573 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.
CVE-2018-16632 — CVSS 4.8 (medium): Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.
CVE-2025-50481 — CVSS 4.8 (medium): A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute…
CVE-2025-6050 — CVSS 4.8 (medium): Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The…