Aggregates CVE and security vulnerability intelligence across all mealie_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include cross-site scripting, with a potential impact of session compromise across software deployment and production workload use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-34619 | A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. | [email protected] | 5.4 | 0.65% | 2022-08-02 | 2024-11-21 |
| CVE-2022-34625 | Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. | [email protected] | 7.2 | 2.19% | 2022-08-02 | 2024-11-21 |
| CVE-2022-34618 | A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. | [email protected] | 5.4 | 0.68% | 2022-08-02 | 2024-11-21 |
| CVE-2022-34613 | Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. | [email protected] | 9.8 | 1.43% | 2022-08-02 | 2024-11-21 |