CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jupo: >> Mezzanine >> 4.3.1 Security Vulnerabilities

CVE-2020-19002

Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632.

CVSS Score

6.1

EPSS Score

0.004

Published

2021-08-27

CVE-2018-16632

Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.

CVSS Score

4.8

EPSS Score

0.002

Published

2018-12-28

Page 1

Vulnerabilities

Vulnerable Software

Jupo: >> Mezzanine >> 4.3.1 Security Vulnerabilities

Products

Pricing

Contact Us