In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.
In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.
In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.