CVE-2025-6050 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Mezzanine CMS product by jupo, specifically in versions prior to 6.1.1. The vulnerability resides in the admin interface within the "displayable_links_js" function. This function fails to properly sanitize blog post titles before embedding them into JSON responses served via the "/admin/displayable_links.js" endpoint. An authenticated administrator can exploit this by creating a blog post with a malicious JavaScript payload embedded in the title field. When another administrator accesses or is tricked into clicking a direct link to the vulnerable endpoint, the malicious script executes in their browser context. This stored XSS attack leverages the trust relationship between admin users and the CMS, potentially allowing the attacker to hijack admin sessions, perform unauthorized actions, or steal sensitive information accessible to the admin. The vulnerability requires authenticated access with admin privileges to inject the payload, and user interaction (clicking the crafted link) to trigger the exploit. The CVSS 4.0 base score is 4.8 (medium severity), reflecting the need for authentication and user interaction, limited confidentiality and integrity impact, and network attack vector with low complexity. No known exploits are currently reported in the wild. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common web application security flaw. The issue is specifically tied to the handling of JSON responses in the admin interface, which is a critical component for managing content and site configuration in Mezzanine CMS.

For European organizations using Mezzanine CMS versions prior to 6.1.1, this vulnerability poses a moderate risk primarily to administrative users. Successful exploitation could lead to session hijacking of admin accounts, unauthorized administrative actions, or disclosure of sensitive administrative data. This could compromise the integrity and confidentiality of the CMS-managed content and potentially the broader web infrastructure if admin credentials are reused or elevated privileges are leveraged. The impact is somewhat contained by the requirement for an attacker to have authenticated admin access to inject the payload and for another admin to interact with the malicious link. However, in environments where multiple administrators manage content collaboratively, the risk of lateral movement and privilege escalation increases. Given the role of CMS platforms in managing public-facing websites, exploitation could also lead to defacement or distribution of malicious content, damaging organizational reputation and trust. European organizations in sectors with strict data protection regulations (e.g., GDPR) must consider the potential compliance implications if the vulnerability leads to unauthorized data exposure or service disruption.

1. Immediate upgrade to Mezzanine CMS version 6.1.1 or later, where this vulnerability is fixed, is the most effective mitigation. 2. If upgrading is not immediately feasible, implement strict input validation and output encoding on blog post titles within the admin interface, ensuring that any user-supplied content is properly sanitized before inclusion in JSON responses. 3. Restrict admin interface access to trusted networks and users, employing network segmentation and VPNs to reduce exposure. 4. Implement multi-factor authentication (MFA) for all admin accounts to reduce the risk of compromised credentials. 5. Educate administrators about the risks of clicking on untrusted or unexpected links, especially those pointing to internal admin endpoints. 6. Monitor web server logs for unusual access patterns to "/admin/displayable_links.js" and alert on suspicious activity. 7. Employ Content Security Policy (CSP) headers to limit the impact of potential XSS payloads by restricting script execution sources. 8. Regularly audit and review admin user activities and permissions to minimize the number of users with high privileges.