CVE-2025-70296

Sažetak

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.

Reference

https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-70296/CVE-2025-70296.md
https://github.com/mealie-recipes/mealie/issues/6690
https://github.com/mealie-recipes/mealie/pull/6743

CVSS

Base:	5.4
Impact:	2.5
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

12-02-2026 - 21:16

Objavljeno

11-02-2026 - 19:15