CVE-2025-23213 – Tandoor Recipes Cross-Site Scripting (XSS)

The following table lists the changes that have been made to the CVE-2025-23213 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jan. 28, 2025

    Action Type Old Value New Value
    Added Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28.
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
    Added CWE CWE-434
    Added Reference https://github.com/TandoorRecipes/recipes/commit/3e37d11c6a3841a00eb27670d1d003f1a713e1cf
    Added Reference https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-56jp-j3x5-hh2w

نوشته های مشابه

CVE-2025-20094 – Microsoft Defense Platform Windows RCE (Shatter)

CVE-2025-23236 – Cisco Defense Platform Home Edition Buffer Overflow Elevates Privileges

CVE-2024-51547 – ABB ASPECT-Enterprise/NEXUS Series/MATRIX Series Hard-coded Credentials Vulnerability

CVE-2024-51450 – IBM Security Verify Directory Command Injection