CVE-2022-23073

CVE-2022-23073: Recipes - Stored XSS in Clipboard

Vendor Recipes

Product recipes

Weakness CWE-79 · XSS

Published June 21, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.

Key dates

02Disclosure timeline

June 21, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-23073 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-23073

CWE CWE-79

Affected versions

Vendor Recipes

Product recipes

Affected ≥ 1.0.5 and < unspecified

Vendor Recipes

Product recipes

Affected ≥ unspecified and ≤ 1.2.5

CVE-2022-23073: Recipes - Stored XSS in Clipboard

01Description

02Disclosure timeline

03References

04Related CVE