Mezzanine Cross Site Scripting (XSS) vulnerability

GHSA-fpv7-hx6r-9vcx · CVE-2020-19002 · PYSEC-2021-343

Published May 24, 2022 · Modified Jun 10, 2026

Description

Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the Description field of the component admin/blog/blogpost/add/. This issue is different than CVE-2018-16632.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-19002
WEB https://github.com/stephenmcd/mezzanine/issues/1921
WEB https://github.com/pypa/advisory-database/tree/main/vulns/mezzanine/PYSEC-2021-343.yaml
PACKAGE https://github.com/stephenmcd/mezzanine
WEB https://github.com/stephenmcd/mezzanine/blob/v6.0.0/mezzanine/blog/templates/blog/blog_post_list.html#L112

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes