Recipes Security Vulnerabilities and Issues — Recipes CVE List

Lucene search

TandoorRecipes

8 matches found

CVE•added 2022/06/21 8:15 a.m.•817 views

CVE-2022-23072

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an X...

3.5CVSS5.2AI score0.00226EPSS

CVE•added 2022/06/21 9:15 a.m.•793 views

CVE-2022-23073

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payl...

3.5CVSS5.2AI score0.00226EPSS

CVE•added 2022/06/21 10:15 a.m.•657 views

CVE-2022-23074

In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and...

3.5CVSS5.2AI score0.00226EPSS

CVE•added 2024/03/01 12:15 a.m.•69 views

CVE-2024-0403

Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF.

6.5CVSS5.6AI score0.00245EPSS

CVE•added 2022/06/19 11:15 a.m.•61 views

CVE-2022-23071

In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information.

6.5CVSS6.3AI score0.00214EPSS

CVE•added 2025/01/28 4:15 p.m.•60 views

CVE-2025-23211

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.

9.9CVSS9.5AI score0.00504EPSS

CVE•added 2025/01/28 4:15 p.m.•44 views

CVE-2025-23213

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28.

8.7CVSS8.6AI score0.00034EPSS

CVE•added 2025/01/28 4:15 p.m.•41 views

CVE-2025-23212

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28.

7.7CVSS7.5AI score0.00078EPSS