CVE-2025-23213

CVSS 3.1 Score 8.7 of 10 (high)

Details

Published Jan 28, 2025

CWE ID 434

Summary

CVE-2025-23213 is a vulnerability affecting the Tandoor Recipes application. The application, which is used for managing recipes, planning meals, and building shopping lists, has a file upload feature that is vulnerable to Cross-Site Scripting (XSS) attacks. Malicious HTML and SVG files can be uploaded and executed in users' browsers, leading to potential data theft or unauthorized actions. This issue has been resolved in version 1.5.28 of the application.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Tandoor

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2cFfvt
https://www.cve.org/CVERecord?id=CVE-2025-23213
https://nvd.nist.gov/vuln/detail/CVE-2025-23213

Back to Vulnerability Database

CVE-2025-23213

CVSS 3.1 Score 8.7 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations