CVE-2022-23074

Source
https://cve.org/CVERecord?id=CVE-2022-23074
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23074.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23074
Published
2022-06-21T10:15:08.343Z
Modified
2026-04-10T04:44:52.806346Z
Summary
[none]
Details

In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.

References

Affected packages

Git / github.com/tandoorrecipes/recipes

Affected ranges

Type
GIT
Repo
https://github.com/tandoorrecipes/recipes
Events
Database specific
{
    "versions": [
        {
            "introduced": "0.17.0"
        },
        {
            "last_affected": "1.2.5"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23074.json"