13 matches found
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
PT-2026-7638
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
CVE-2025-70296 is a stored HTML injection in Mealie 3.3.1’s Recipe Notes rendering component. Remote authenticated users can inject arbitrary HTML, causing user interface redressing in the recipe view. Descriptions across multiple sources confirm the vulnerability and affected version; one connec...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
Mealie 安全漏洞
Mealie is a self-hosted recipe manager and meal planner developed by Hayden from the United States. Version 3.3.1 of Mealie contains a security vulnerability, which stems from a storage-type HTML injection in the Recipe Notes rendering component, potentially leading to user interface spoofing...
CVE-2025-56795
Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting XSS in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/recipename" endpoint is rendered in the frontend without proper escaping leading to persistent XSS...
CVE-2025-56795
Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting XSS in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/recipename" endpoint is rendered in the frontend without proper escaping leading to persistent XSS...
CVE-2024-0384
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above...
PT-2024-15518 · WordPress · Wp Recipe Maker
Name of the Vulnerable Software and Affected Versions: WP Recipe Maker plugin for WordPress versions up to, and including, 9.1.0 Description: The issue is related to Stored Cross-Site Scripting via Recipe Notes due to insufficient input sanitization and output escaping. This allows authenticated...