Cross-site scripting in hay-kot/mealie

Valid

Reported on

May 31st 2022


Description

1. Create a new recipe.

2. Edit this recipe and add this payload: <img src=x onerror=confirm(document.cookie)>

3. Save the recipe and reload the recipe page.

Impact

XSS
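
The steps above describe a stored XSS: markup saved in a recipe runs when the recipe page is loaded again. The following is an added example, not code from hay-kot/mealie or from the report, showing the vulnerable rendering pattern beside an escape-first one; the recipe object, its `name` and `notes` fields and every function name are assumptions for illustration, since the report does not say which field was affected.

```javascript
// Added example: hypothetical rendering helpers, not code from hay-kot/mealie.
// PAYLOAD is the string from step 2 of the report.
const PAYLOAD = '<img src=x onerror=confirm(document.cookie)>';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, attribute value or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored user text is concatenated into markup as-is,
// so the browser parses the <img> and runs its onerror handler.
function renderRecipeUnsafe(recipe) {
  return `<h1>${recipe.name}</h1><div class="notes">${recipe.notes}</div>`;
}

// Hardened pattern: escape first, then add only markup generated here
// (bold and line breaks), so no user-supplied tag or attribute survives.
function renderRecipeSafe(recipe) {
  const notes = escapeHtml(recipe.notes)
    .replace(/\*\*([^*\n]+)\*\*/g, '<strong>$1</strong>')
    .replace(/\r?\n/g, '<br>');
  return `<h1>${escapeHtml(recipe.name)}</h1><div class="notes">${notes}</div>`;
}

// Regression check: every tag left in the output must come from the fixed
// set that the renderer itself emits.
function onlyAllowedTags(html) {
  const tags = html.match(/<[^>]*>/g) || [];
  const allowed = /^<\/?(h1|strong|br|div)(\s+class="notes")?>$/;
  return tags.every((t) => allowed.test(t));
}

// Constructed sample recipe: legitimate formatting plus the reported payload.
const recipe = { name: 'Pancakes', notes: `Use **cold** butter\n${PAYLOAD}` };
console.log(renderRecipeUnsafe(recipe));
console.log(renderRecipeSafe(recipe));
```

A check like `onlyAllowedTags` can run in a unit test over saved recipe fixtures so that a later change back to raw rendering fails the build.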

We are processing your report and will contact the hay-kot/mealie team within 24 hours. (a year ago)
We have contacted a member of the hay-kot/mealie team and are waiting to hear back. (a year ago)
We have sent a follow up to the hay-kot/mealie team. We will try again in 7 days. (a year ago)
We have sent a second follow up to the hay-kot/mealie team. We will try again in 10 days. (a year ago)
We have sent a third and final follow up to the hay-kot/mealie team. This report is now considered stale. (a year ago)
Hayden validated this vulnerability. (a year ago)
Distorted_Hacker has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
We have sent a fix follow up to the hay-kot/mealie team. We will try again in 7 days. (a year ago)
We have sent a second fix follow up to the hay-kot/mealie team. We will try again in 10 days. (a year ago)
We have sent a third and final fix follow up to the hay-kot/mealie team. This report is now considered stale. (a year ago)
Hayden marked this as fixed in v1.0.0beta-4 with commit 13850c. (a year ago)
Hayden has been awarded the fix bounty
This vulnerability will not receive a CVE