PyPI: mezzanine

CVE-2025-29573

Safety vulnerability ID: SFTY-20250505-41153

Safety legacy ID: pyup.io-77143

Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.

PyPI

NVD

GHSA

Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

Mezzanine CMS Cross-Site Scripting (XSS) vulnerability

Advisory

Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.

Affected Package

Affecting mezzanine package, versions

<=6.0.0

Also affects

---

How to Fix

Upgrade

mezzanine

6.0.1

or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20250505-41153/CVE-2025-29573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29573
https://github.com/advisories/GHSA-2544-hpcq-6g27
https://nvd.nist.gov/vuln/detail/CVE-2025-29573
https://github.com/stephenmcd/mezzanine
https://www.squadappsec.com/post/cve-2025-29573-persistent-xss-in-mezzanine-cms-6-0-0-via-malicious-filename
https://github.com/pypa/advisory-database/tree/main/vulns/mezzanine/PYSEC-2025-136.yaml
https://github.com/advisories/GHSA-2544-hpcq-6g27

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more