Recipes is an application used to manage recipes, plan meals, create shopping lists, etc. A cross-site scripting vulnerability exists in Recipes versions 1.0.5 through 1.2.5, which stems from a missing filter escape for user data in the name parameter. A low privilege attacker could exploit this vulnerability to have the victim’s API key and take over the administrator’s account.
CPE | Name | Operator | Version |
---|---|---|---|
Recipes Recipes >=1.0.5, | le | 1.2.5 |