Mealie

Mealie

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-70296

Exploit
  • EPSS 0.04%
  • Veröffentlicht 11.02.2026 00:00:00
  • Zuletzt bearbeitet 23.02.2026 15:34:31

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.

6.1

CVE-2025-70297

Exploit
  • EPSS 0.04%
  • Veröffentlicht 11.02.2026 00:00:00
  • Zuletzt bearbeitet 23.02.2026 15:33:59

A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml...

9

CVE-2025-56795

Exploit
  • EPSS 0.04%
  • Veröffentlicht 29.09.2025 17:15:31
  • Zuletzt bearbeitet 16.10.2025 15:42:33

Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting (XSS) in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/{recipe_name}" endpoint is rendered in the frontend without ...

5.4

CVE-2024-55072

Exploit
  • EPSS 0.23%
  • Veröffentlicht 27.03.2025 00:00:00
  • Zuletzt bearbeitet 30.04.2025 16:42:57

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.

7.6

CVE-2024-55073

Exploit
  • EPSS 0.22%
  • Veröffentlicht 27.03.2025 00:00:00
  • Zuletzt bearbeitet 11.04.2025 17:59:53

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.

3.1

CVE-2024-55070

Exploit
  • EPSS 0.13%
  • Veröffentlicht 27.03.2025 00:00:00
  • Zuletzt bearbeitet 11.04.2025 17:04:33

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.

6.5

CVE-2024-31994

Exploit
  • EPSS 0.05%
  • Veröffentlicht 19.04.2024 22:15:07
  • Zuletzt bearbeitet 21.11.2024 09:14:18

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file sy...

3.5

CVE-2024-31991

  • EPSS 0.04%
  • Veröffentlicht 19.04.2024 21:15:08
  • Zuletzt bearbeitet 07.03.2025 12:36:39

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or dis...

6.5

CVE-2024-31992

  • EPSS 0.15%
  • Veröffentlicht 19.04.2024 21:15:08
  • Zuletzt bearbeitet 07.03.2025 12:36:39

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to preve...

4.5

CVE-2024-31993

  • EPSS 0.05%
  • Veröffentlicht 19.04.2024 21:15:08
  • Zuletzt bearbeitet 07.03.2025 12:36:39

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any e...