Vulnerabilities > Jupo

DATE CVE VULNERABILITY TITLE RISK
2021-08-27 CVE-2020-19002 Cross-site Scripting vulnerability in Jupo Mezzanine 4.3.1
Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'.
network
low complexity
jupo CWE-79
6.1
2018-12-28 CVE-2018-16632 Cross-site Scripting vulnerability in Jupo Mezzanine 4.3.1
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.
network
low complexity
jupo CWE-79
4.8