Mezunum Satiyorum
Monthly
Stored cross-site scripting in Mezunum Satiyorum (versions 1.2.504 through 10072026) allows a low-privileged authenticated attacker to inject persistent malicious scripts into web pages served to other users. The scope change (S:C) in the CVSS vector confirms the payload executes in the victim's browser context, enabling session hijacking, credential theft, or malicious redirects against any user who loads the affected page. No public exploit code has been identified at time of analysis, and the vendor did not respond to TR-CERT's disclosure, leaving the vulnerability unpatched.
Stored cross-site scripting in Mezunum Satiyorum (versions 1.2.504 through 10072026) allows a low-privileged authenticated attacker to inject persistent malicious scripts into web pages served to other users. The scope change (S:C) in the CVSS vector confirms the payload executes in the victim's browser context, enabling session hijacking, credential theft, or malicious redirects against any user who loads the affected page. No public exploit code has been identified at time of analysis, and the vendor did not respond to TR-CERT's disclosure, leaving the vulnerability unpatched.