exploitDog

CVE-2025-23213

Опубликовано: 28 янв. 2025

Источник: nvd

CVSS3: 8.7

CVSS3: 5.4

EPSS Низкий

Описание

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28.

Ссылки

https://github.com/TandoorRecipes/recipes/commit/3e37d11c6a3841a00eb27670d1d003f1a713e1cf
Patch
https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-56jp-j3x5-hh2w
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tandoor:recipes:*:*:*:*:*:*:*:*

Версия до 1.5.28 (исключая)

EPSS

Процентиль: 24%

0.00084

Низкий

8.7 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-434

EPSS

Процентиль: 24%

0.00084

Низкий

8.7 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-434