一、 漏洞 CVE-2025-6050 基础信息
漏洞信息
神龙正在分析中.
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2025-6050 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
三、漏洞 CVE-2025-6050 的情报信息
-
标题: Stored Cross-Site Scripting (XSS) in admin interface - responsible disclosure · stephenmcd/mezzanine · Discussion #2080 · GitHub -- 🔗来源链接
标签:
- https://https://github.com/stephenmcd/mezzanine/commit/898630d8df48cf3ddb8b9942f59168b93216e3f8
- https://nvd.nist.gov/vuln/detail/CVE-2025-6050