CVE-2025-6050
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-07-30
Assigner: Checkmarx
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jupo | mezzanine | before 6.1.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6050 is a stored Cross-Site Scripting (XSS) vulnerability in the admin interface of Mezzanine CMS versions prior to 6.1.1. It occurs because the function "displayable_links_js" does not properly sanitize blog post titles before including them in JSON responses served via the "/admin/displayable_links.js" endpoint. An authenticated admin user can create a blog post with malicious JavaScript in the title, then trick another admin user into accessing the endpoint, causing the malicious script to execute in the victim's browser. [1]
How can this vulnerability impact me?
This vulnerability can impact you if you are an admin user of Mezzanine CMS. An attacker with admin access can inject malicious JavaScript into blog post titles, which can then execute in the browsers of other admin users who access the affected endpoint. This could lead to unauthorized actions performed in the context of the victim admin user, potentially compromising the admin interface or leaking sensitive information. However, the severity is considered low since it requires authenticated admin access and user interaction. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for malicious JavaScript payloads in blog post titles served via the /admin/displayable_links.js endpoint. Since the vulnerability is a stored XSS affecting authenticated admin users, one approach is to inspect the JSON responses from this endpoint for suspicious script content. Commands could include using curl or wget to fetch the endpoint and grep or jq to analyze the response, for example:

```
curl -s -b 'admin_session_cookie' https://your-mezzanine-site/admin/displayable_links.js | grep '<script>'
```

or

```
curl -s -b 'admin_session_cookie' https://your-mezzanine-site/admin/displayable_links.js | jq '.'
```

to look for unexpected script tags or payloads. Additionally, monitoring admin user activity and logs for unusual requests to this endpoint may help detect exploitation attempts. [1]
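A stricter form of the grep check above, as an added example (not code from this page or from Mezzanine): it decodes the saved response as JSON before scanning, so escaped or upper-case tags that `grep '<script>'` misses are still flagged. The response shape in the sample (a list of objects with `title` and `value` keys) and the sample body itself are assumptions constructed for illustration.

```python
import json
import re

# A '<' immediately followed by a letter, '/', '!' or '?' is what an HTML
# parser treats as the start of a tag; a bare "3 < 5" does not match.
TAG_OPENER = re.compile(r"<[/!?a-zA-Z]")


def iter_strings(node, path="$"):
    """Yield (json_path, string) for every string value in decoded JSON."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_strings(item, f"{path}[{i}]")
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")


def find_suspicious_titles(body):
    """Return [(json_path, value)] for strings that contain HTML markup.

    Decoding first turns escapes such as \\u003c back into '<', so the
    scan sees the text a browser would see.
    """
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        # For example an HTML login page returned for a rejected cookie.
        raise ValueError(f"response is not valid JSON: {exc}") from exc
    return [(p, s) for p, s in iter_strings(data) if TAG_OPENER.search(s)]


# Constructed sample response body (not captured from a real site).
SAMPLE = r'''[
  {"title": "Page: About", "value": "/about/"},
  {"title": "Blog post: \u003cSCRIPT\u003econsole.log(1)\u003c/SCRIPT\u003e", "value": "/blog/a/"},
  {"title": "Blog post: 3 < 5 and other facts", "value": "/blog/b/"}
]'''

if __name__ == "__main__":
    for path, value in find_suspicious_titles(SAMPLE):
        print(f"{path}: {value!r}")
```

Any hit is a title to review in the admin, not proof of exploitation; legitimate titles can contain angle brackets.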
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Mezzanine CMS to version 6.1.1 or later, where the vulnerability has been fixed (commit 898630d). Until the upgrade can be applied, restrict access to the /admin/displayable_links.js endpoint to trusted admin users only, and educate admins to avoid clicking on suspicious links that could trigger the stored XSS. Implementing additional security controls such as Content Security Policy (CSP) headers to limit script execution in the admin interface may also reduce risk. [1]