Advisories for Pypi/Mezzanine package

2024

Mezzanine allows attackers to bypass access controls via manipulating the Host header

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.

Mezzanine allows attackers to bypass access control mechanisms

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.

2022

Mezzanine Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the Description field of the component admin/blog/blogpost/add/. This issue is different than CVE-2018-16632.