[webapps] Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)
read file error: read notes: is a directory 2025-7-28 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:7 收藏
read file error: read notes: is a directory 2025-7-28 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:7 收藏
# Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting (XSS)
via component /blog/blogpost/add
# Date: 23/07/2025
# Exploit Author: Kevin Dicks
# Vendor Homepage: https://github.com/stephenmcd/mezzanine
# Software Link: https://github.com/stephenmcd/mezzanine
# Version: 6.1.0
# Category: Web Application
# Tested on: Ubuntu Server 20.04.6 LTS (Focal Fossa), Firefox browser
version 136.0 (64-bit)
# CVE : CVE-2025-50481
# Exploit link : https://github.com/kevinpdicks/Mezzanine-CMS-6.1.0-XSS
## Summary:
A cross-site scripting (XSS) vulnerability in the component
/blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute
arbitrary web scripts or HTML via injecting a crafted payload into a
blog post.
## Reproduction Steps:
1. Login to the admin portal.
2. Create a new blog post.
3. Insert source code, and enter the following payload:
```
<script>alert(document.location)</script>
```
4. Save the new blog post.
5. The blog post is published, and can be accessed by any user.
6. Stored XSS is executed.
--
文章来源: https://www.exploit-db.com/exploits/52385
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh