exploitDog

CVE-2025-70296

Опубликовано: 11 фев. 2026

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.

Ссылки

https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-70296/CVE-2025-70296.md
Exploit
Third Party Advisory
https://github.com/mealie-recipes/mealie/issues/6690
Issue Tracking
https://github.com/mealie-recipes/mealie/pull/6743
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mealie:mealie:*:*:*:*:*:*:*:*

Версия от 3.3.1 (включая) до 3.8.0 (исключая)

EPSS

Процентиль: 14%

0.0023

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-cx65-rpp3-qf6c

CVSS3: 5.4

github

5 месяцев назад

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.

EPSS

Процентиль: 14%

0.0023

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-77