CNNVD-202509-4388 Information

CNNVD ID

CNNVD-202509-4388

CVE-2025-56795

  • CNNVD Published: 2025-09-29

Description

Mealie is a self-hosted recipe manager and meal planner developed by Hayden, an individual developer in the United States. Mealie 3.0.1 and earlier versions contain a security vulnerability: user input in the note and text fields of the recipe creation feature is not sanitized or escaped, which may lead to stored cross-site scripting (XSS) attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-09-29

Last Modified

2026-02-24

References

  • https://github.com/mealie-recipes/mealie/issues/5677
  • https://github.com/B1tBreaker/CVE-2025-56795
  • https://github.com/mealie-recipes/mealie/pull/5754
  • https://access.redhat.com/security/cve/cve-2025-56795

Patch

https://docs.mealie.io/
