CNNVD-202602-1888 Information

CNNVD ID

CNNVD-202602-1888

CVE-2025-70297

  • CNNVD Published: 2026-02-11

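Description (translated from Chinese)

Mealie is a self-hosted recipe manager and meal planner developed by Hayden, an individual developer in the United States. Mealie version 3.3.1 contains a security vulnerability: a stored cross-site scripting flaw in the recipe asset upload and media serving components, which may allow arbitrary web script or HTML to be injected through an uploaded SVG file.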

Description (English)

Mealie is a self-hosted recipe manager and meal planner developed by Hayden, an individual developer in the United States. Mealie version 3.3.1 has a security vulnerability that stems from stored cross-site scripting in the recipe asset upload and media serving components, which could allow arbitrary web script or HTML to be injected by uploading an SVG file.

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-11

Last Modified

2026-02-24

References

https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-70297/CVE-2025-70297.md

https://github.com/mealie-recipes/mealie/issues/6319
