Exploit Details
Basic Information
| Exploit Title | Mezzanine CMS 6.1.0 – Stored Cross Site Scripting (XSS) |
|---|---|
| Exploit ID | EDB-ID:52385 |
| Type | exploitdb |
| Published | 2025-07-28T00:00:00 |
| Modified | 2025-07-28T00:00:00 |
CVSS Information
| CVSS Score | 4.8 |
|---|---|
| Severity | MEDIUM |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
CVE Information
- CVE-2025-50481
Exploit Description
Exploit Title: Mezzanine CMS…
Exploit Code
# Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting (XSS) via component /blog/blogpost/add
# Date: 23/07/2025
# Exploit Author: Kevin Dicks
# Vendor Homepage: https://github.com/stephenmcd/mezzanine
# Software Link: https://github.com/stephenmcd/mezzanine
# Version: 6.1.0
# Category: Web Application
# Tested on: Ubuntu Server 20.04.6 LTS (Focal Fossa), Firefox browser version 136.0 (64-bit)
# CVE : CVE-2025-50481
# Exploit link : https://github.com/kevinpdicks/Mezzanine-CMS-6.1.0-XSS
## Summary:
A stored cross-site scripting (XSS) vulnerability in the component
/blog/blogpost/add of Mezzanine CMS v6.1.0 allows an authenticated attacker
with access to the blog post editor to execute arbitrary web scripts or HTML
in the browser of any visitor who views the post, by injecting a crafted
payload into a blog post.
## Reproduction Steps:
1. Log in to the admin portal.
2. Create a new blog post.
3. Open the editor's "Insert source code" option (raw HTML input) and enter the following payload:
```
```
4. Save the new blog post.
5. The blog post is published and can be viewed by any user, including unauthenticated visitors.
6. The payload executes in the browser of anyone who views the post (stored XSS).
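The check a practitioner wants after these steps is twofold: whether a given rich-text body can still reach the rendered page with active content in it, and which already-stored posts carry such markup. The allowlist sanitizer and audit helper below is an added example, not Mezzanine's own code (Mezzanine filters rich text through its own settings, which are not reproduced here); the tag and attribute allowlist, the `sanitize`/`audit` names and the sample posts are assumptions constructed for the example.

```python
"""Allowlist HTML sanitizer plus an audit over stored rich-text bodies.

Added example, not Mezzanine's code. Demonstrates the three payload shapes a
stored-XSS review looks for in a CMS body field: <script> blocks, on* event
handler attributes, and javascript: URLs (including the tab/entity-obfuscated
form that string matching misses).
"""
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for the example; a real deployment tunes this per site.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "u", "a", "ul", "ol", "li",
                "h1", "h2", "h3", "blockquote", "code", "pre", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "width", "height"}}
VOID_TAGS = {"br", "img"}


def _safe_url(value):
    """Accept http(s), mailto and relative URLs; reject any other scheme."""
    # Browsers ignore control characters/whitespace inside a scheme, so drop
    # them before comparing ("jav\tascript:" is still javascript:).
    v = "".join(ch for ch in value if ord(ch) > 0x20).lower()
    if v.startswith(("http://", "https://", "mailto:")):
        return True
    # Relative URL: no scheme separator before the first path/query/fragment.
    head = v.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    return ":" not in head


class AllowlistSanitizer(HTMLParser):
    """Re-serialise input keeping only allowlisted tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip_depth = 0  # >0 while inside <script>/<style>: drop text too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1
            return
        if tag not in ALLOWED_TAGS:
            return  # drop the tag itself but keep its text content
        kept = []
        for name, value in attrs:  # HTMLParser lowercases names, unescapes values
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # event handlers and unknown attributes are dropped
            if name in ("href", "src") and not _safe_url(value or ""):
                continue  # javascript:/data: etc. are dropped entirely
            kept.append(' %s="%s"' % (name, escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))  # text is re-escaped

    def handle_comment(self, data):
        pass  # comments (incl. conditional comments) are dropped


def sanitize(html):
    """Return html reduced to the allowlist above."""
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


def audit(posts):
    """Return ids of (id, body) rows whose body would change under sanitize()."""
    return [post_id for post_id, body in posts if sanitize(body) != body]


# Constructed sample rows standing in for a dump of the stored content field;
# not real Mezzanine data.
SAMPLE_POSTS = [
    ("clean", '<p>Hello <b>world</b> <a href="https://example.com">link</a></p>'),
    ("script", "<p>hi</p><script>alert(document.cookie)</script>"),
    ("onerror", '<p><img src="x" onerror="alert(1)"></p>'),
    ("jsurl", '<p><a href="jav&#x09;ascript:alert(1)">click</a></p>'),
]

if __name__ == "__main__":
    for post_id in audit(SAMPLE_POSTS):
        print(post_id, "->", sanitize(dict(SAMPLE_POSTS)[post_id]))
```

Run `audit()` over a dump of the content field; every id it returns holds markup an allowlist filter would have removed, which is the set of posts to review after an incident like this one. Sanitising at save time, as this helper is meant to be used, is preferable to escaping only at render time, because a stored payload otherwise stays live for every other consumer of the field (feeds, APIs, other templates).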