CVE-2020-19002: Mezzanine Cross Site Scripting (XSS) vulnerability
(updated )
Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the Description field of the component admin/blog/blogpost/add/. This issue is different than CVE-2018-16632.
References
- github.com/advisories/GHSA-fpv7-hx6r-9vcx
- github.com/pypa/advisory-database/tree/main/vulns/mezzanine/PYSEC-2021-343.yaml
- github.com/stephenmcd/mezzanine
- github.com/stephenmcd/mezzanine/blob/v6.0.0/mezzanine/blog/templates/blog/blog_post_list.html
- github.com/stephenmcd/mezzanine/issues/1921
- nvd.nist.gov/vuln/detail/CVE-2020-19002
Code Behaviors & Features
Detect and mitigate CVE-2020-19002 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →