CVE-2022-23074: Recipes - Stored XSS in Name Parameter

Vendor Recipes
Product recipes
Weakness CWE-79 · XSS
Published June 21, 2022
Last update September 16, 2024

What the vulnerability does

01 Description

Recipes versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS) in the ‘Name’ field of the Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload triggers. A low-privileged attacker can obtain the victim's API key, which can lead to takeover of an admin's account.

Key dates

02 Disclosure timeline

June 21, 2022 CVE published
September 16, 2024 Record updated