CVE-2025-23213
- Source
- https://cve.org/CVERecord?id=CVE-2025-23213
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23213.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-23213
- Aliases
-
- GHSA-56jp-j3x5-hh2w
- Published
- 2025-01-28T15:31:19.544Z
- Modified
- 2025-12-05T08:52:17.231752Z
- Severity
-
- 8.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
- Summary
- Tandoor Recipes - Stored XSS through Unrestricted File Upload
- Details
-
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28.
- Database specific
{ "cwe_ids": [ "CWE-434" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23213.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23213.json
- https://github.com/TandoorRecipes/recipes/commit/3e37d11c6a3841a00eb27670d1d003f1a713e1cf
- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-56jp-j3x5-hh2w
- https://nvd.nist.gov/vuln/detail/CVE-2025-23213
Affected packages
Git / github.com/tandoorrecipes/recipes
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tandoorrecipes/recipes
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.10.0
0.10.1
0.11.0
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.16.5
0.16.6
0.16.7
0.16.8
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.18.0
0.2.0
0.2.1
0.2.2
0.3.0
0.3.1
0.3.2
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.7.0
0.7.1
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9.0
0.9.1
0.9.2
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.4.1
1.0.5
1.0.5.1
1.0.5.2
1.0.6
1.0.7
1.0.8
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.10
1.4.11
1.4.12
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5.0
1.5.1
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.2
1.5.20
1.5.21
1.5.22
1.5.23
1.5.24
1.5.25
1.5.26
1.5.27
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9