Hacking

Mezzanine CMS 6.1.0 – Stored Cross Site Scripting (XSS)

Author8 hours ago01 mins

# Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting (XSS)
via component /blog/blogpost/add
# Date: 23/07/2025
# Exploit Author: Kevin Dicks
# Vendor Homepage: https://github.com/stephenmcd/mezzanine
# Software Link: https://github.com/stephenmcd/mezzanine
# Version: 6.1.0
# Category: Web Application
# Tested on: Ubuntu Server 20.04.6 LTS (Focal Fossa), Firefox browser
version 136.0 (64-bit)
# CVE : CVE-2025-50481
# Exploit link : https://github.com/kevinpdicks/Mezzanine-CMS-6.1.0-XSS

## Summary:
A cross-site scripting (XSS) vulnerability in the component
/blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute
arbitrary web scripts or HTML via injecting a crafted payload into a
blog post.

## Reproduction Steps:
1. Login to the admin portal.
2. Create a new blog post.
3. Insert source code, and enter the following payload:
```



```
4. Save the new blog post.
5. The blog post is published, and can be accessed by any user.
6. Stored XSS is executed.

--

Leave a Reply Cancel reply

Related News

Adobe ColdFusion 2023.6 – Remote File Read

Author20 minutes ago 0

XWiki 14 – SQL Injection via getdeleteddocuments.vm

Author2 hours ago 0

Invision Community 4.7.20 – (calendar/view.php) SQL Injection

Author2 hours ago 0

Linux PAM Environment – Variable Injection Local Privilege Escalation

Author3 hours ago 0