Cross site scripting

2022-08-0222:15:00

PRIOn knowledge base

www.prio-n.com

cross-site scripting

stored vulnerability

mealie

shopping lists

html injection

0.001 Low

EPSS

Percentile

49.2%

JSON

A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.

CPENameOperatorVersion
mealieeq0.5.5

CPE	Name	Operator	Version
	mealie	eq	0.5.5

References

cwe.mitre.org/data/definitions/79.html

docs.mealie.io/changelog/v0.5.6/

gainsec.com/2022/08/02/cve-2022-34613-cve-2022-34618-cve-2022-34619-xss-file-upload-and-more/

hub.docker.com/r/hkotel/mealie

huntr.dev/bounties/aa610613-6ebb-4544-9aa6-046dc28fe4ff/

0.001 Low

EPSS

Percentile

49.2%

JSON

Related for PRION:CVE-2022-34619