Cross-site scripting in hay-kot/mealie

Valid

Reported on May 31st 2022


Description

1. Create a new recipe.

2. Edit this recipe and add this payload: <img src=x onerror=confirm(document.cookie)>

3. Save the recipe and reload the recipe page.

Impact

XSS
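Added example, not part of the original report and not mealie's code: it contrasts a template that concatenates stored recipe text into markup with one that HTML-encodes it on output, using the payload from step 2. The function names and the choice of a plain-text `description` field are assumptions; the report does not say which field was used.

```javascript
// Hypothetical stand-ins for a recipe page template (not mealie's code).
// PAYLOAD is the string from step 2 of the report.
const PAYLOAD = '<img src=x onerror=confirm(document.cookie)>';

// Vulnerable pattern: stored text is concatenated into markup as-is,
// so the browser parses it as a real <img> element with an event handler.
function renderRecipeUnsafe(recipe) {
  return `<h1>${recipe.name}</h1>` +
         `<div class="description">${recipe.description}</div>`;
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Output encoding for HTML element and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderRecipeSafe(recipe) {
  return `<h1>${escapeHtml(recipe.name)}</h1>` +
         `<div class="description">${escapeHtml(recipe.description)}</div>`;
}

// Coarse regression check: does the rendered page contain any tag that
// carries an inline on* event-handler attribute? Not a sanitizer.
function hasInlineHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

function demo() {
  // Constructed sample record.
  const recipe = { name: 'Pancakes', description: PAYLOAD };
  return {
    unsafe: hasInlineHandler(renderRecipeUnsafe(recipe)),
    safe: hasInlineHandler(renderRecipeSafe(recipe)),
    safeHtml: renderRecipeSafe(recipe),
  };
}

console.log(demo());
```

Encoding everything only suits fields meant to be plain text; a field that intentionally renders markup needs a maintained allowlist-based HTML sanitizer applied before it reaches the DOM.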

We are processing your report and will contact the hay-kot/mealie team within 24 hours. (2 months ago)
We have contacted a member of the hay-kot/mealie team and are waiting to hear back. (2 months ago)
We have sent a follow up to the hay-kot/mealie team. We will try again in 7 days. (2 months ago)
We have sent a second follow up to the hay-kot/mealie team. We will try again in 10 days. (2 months ago)
We have sent a third and final follow up to the hay-kot/mealie team. This report is now considered stale. (a month ago)
Hayden validated this vulnerability. (a month ago)
Distorted_Hacker has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
The researcher's credibility has increased: +7
We have sent a fix follow up to the hay-kot/mealie team. We will try again in 7 days. (a month ago)
We have sent a second fix follow up to the hay-kot/mealie team. We will try again in 10 days. (a month ago)
We have sent a third and final fix follow up to the hay-kot/mealie team. This report is now considered stale. (17 days ago)
Hayden confirmed that a fix has been merged on 13850c. (2 days ago)
Hayden has been awarded the fix bounty.