CVE-2022-23073

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-23073

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23073.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23073

Published

2022-06-21T09:15:08.913Z

Modified

2026-04-10T04:44:52.791063Z

Summary

[none]

Details

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.

References

Affected packages

Git / github.com/tandoorrecipes/recipes

Affected ranges

Type

GIT

Repo

https://github.com/tandoorrecipes/recipes

Events

Introduced

6cabeba3cbb4395b20d1e0f8e2ac1918eb5966b6

Last affected

378938812c8b1100bf054f9f31398fee4332d979

Fixed

7b2117c0190d4f541ba4cc7ee4122f04738c4ac6

Database specific

{
    "versions": [
        {
            "introduced": "1.0.5"
        },
        {
            "last_affected": "1.2.5"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23073.json"