Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tandoor Recipes - Stored XSS through Unrestricted File Upload
Vulnerability Description
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Tandoor Recipes 代码问题漏洞
Vulnerability Description
Tandoor Recipes是Tandoor Recipes开源的一个用于管理食谱、计划膳食、建立购物清单等等的应用程序。 Tandoor Recipes 1.5.28之前版本存在代码问题漏洞,该漏洞源于文件上传功能允许上传任意文件,包括html和svg,两者都可能包含恶意内容。
CVSS Information
N/A
Vulnerability Type
N/A