B1tBreaker/CVE-2025-56795

Releases0

Stars1

Stored Cross-Site Scripting (XSS) vulnerability affecting the recipe creation functionality in Mealie versions up to 3.0.1.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-56795 ↗	Sep 29, 2025Monday, 29 September 2025, 17:15	9 CRITICAL	—
Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting (XSS) in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/{recipe_name}" endpoint is rendered in the frontend without proper escaping leading to persistent XSS.