13 matches found
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
CVE-2025-70296 describes a stored HTML injection vulnerability in the Recipe Notes rendering component of Mealie 3.3.1. The issue allows remote authenticated users to inject arbitrary HTML, leading to user interface redressing within the recipe view. The description specifies the affected product...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
Mealie 安全漏洞
Mealie is a self-hosted recipe manager and meal planner developed by Hayden from the United States. Version 3.3.1 of Mealie contains a security vulnerability, which stems from a storage-type HTML injection in the Recipe Notes rendering component, potentially leading to user interface spoofing...
PT-2026-7638
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-56795
Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting XSS in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/recipename" endpoint is rendered in the frontend without proper escaping leading to persistent XSS...
CVE-2025-56795
Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting XSS in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/recipename" endpoint is rendered in the frontend without proper escaping leading to persistent XSS...
CVE-2024-0384
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above...
PT-2024-15518 · WordPress · Wp Recipe Maker
Name of the Vulnerable Software and Affected Versions: WP Recipe Maker plugin for WordPress versions up to, and including, 9.1.0 Description: The issue is related to Stored Cross-Site Scripting via Recipe Notes due to insufficient input sanitization and output escaping. This allows authenticated...