CVE-2025-70296

Medium CVSS: 5.4

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.

Vendor

Mealie

Product

Mealie

CWE

CWE-77

Yayın Tarihi

2026-02-11 19:15:50

Güncelleme

2026-02-23 15:34:31

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Mealie MEDIUM Mealie 2026

Referanslar

https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-70296/CVE-2025-70296.md https://github.com/mealie-recipes/mealie/issues/6690 https://github.com/mealie-recipes/mealie/pull/6743

Benzer Kayıtlar

Medium

CVE-2025-70297

A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1…

Critical

CVE-2025-56795

Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting (XSS) in the recipe creation functionality. Unsani…

Low

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allo…

Medium

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows…

High

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows…