CVE-2025-6345
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rems | my_food_recipe | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6345 is a Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester My Food Recipe version 1.0. It occurs in the Add Recipe functionality, specifically in the recipe_name input field within the /endpoint/add-recipe.php endpoint. User input in this field is not properly sanitized before being stored in the database. An attacker can inject malicious JavaScript code that gets stored and later executed in the browsers of users who view the affected recipe data. This allows arbitrary script execution in other users' sessions, potentially leading to session hijacking, defacement, or other malicious actions. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing remote attackers to execute arbitrary JavaScript code in the context of other users' sessions when they view the affected recipe data. This can lead to session hijacking, defacement of the website, or other malicious activities that compromise data integrity and user security. Exploitation is relatively easy and requires victim interaction, such as viewing the maliciously crafted recipe entry. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable endpoint /endpoint/add-recipe.php and testing the recipe_name input field in the Add Recipe modal (#addRecipeModal) for stored cross-site scripting (XSS). One method is to submit a test payload such as <script>alert('PoC VulDB My Food Recipe')</script> via a POST request to the add-recipe.php endpoint and then observe if the script executes when viewing the stored recipe data. Additionally, attackers may use Google dorking with queries like inurl:endpoint/add-recipe.php to identify vulnerable targets. Specific commands to test could include using curl to POST the payload, for example: curl -X POST -d "Name=<script>alert('PoC VulDB My Food Recipe')</script>" https://targetsite/endpoint/add-recipe.php. Monitoring web application logs for suspicious input patterns or unexpected script tags in stored data can also help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been documented for this vulnerability. The suggested immediate step is to replace the affected product (SourceCodester My Food Recipe version 1.0) with an alternative that does not contain this vulnerability. Additionally, as a temporary measure, restricting user input in the recipe_name field, applying input sanitization and output encoding, and implementing web application firewalls (WAF) to detect and block XSS payloads may help reduce risk until a secure version or alternative is deployed. [2]
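An added example, not part of the BaseFortify record or of the SourceCodester project, covering the detection and mitigation answers above: it scans constructed rows standing in for the stored recipe data for HTML markup in recipe_name, flags the page's own test payload, and shows what the same value looks like after HTML output encoding. The column names and sample rows are assumptions.

```python
import html
import re

# Constructed sample rows standing in for a dump of the recipes table of
# My Food Recipe 1.0. Column names and values are assumptions, not the
# project's real schema. Row 2 carries the test payload quoted on this page.
SAMPLE_ROWS = [
    {"id": 1, "recipe_name": "Tomato Soup"},
    {"id": 2, "recipe_name": "Pancakes <script>alert('PoC VulDB My Food Recipe')</script>"},
    {"id": 3, "recipe_name": "Salad <b>fresh</b>"},
    {"id": 4, "recipe_name": "Fish &amp; Chips"},
]

# Any HTML tag (opening or closing) and, separately, a script tag in any casing.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)


def classify(value: str) -> str:
    """'script' for a <script> tag, 'markup' for any other HTML tag, else 'clean'.

    Already entity-encoded text such as 'Fish &amp; Chips' contains no raw
    '<', so it is reported as clean: it renders as text, not as markup.
    """
    if SCRIPT_RE.search(value):
        return "script"
    if TAG_RE.search(value):
        return "markup"
    return "clean"


def scan_rows(rows):
    """Return one finding per row whose recipe_name contains markup.

    safe_render is the value after HTML output encoding (the mitigation the
    answer above recommends); a template that emits this form instead of the
    raw column keeps the browser from treating the stored text as script.
    """
    findings = []
    for row in rows:
        verdict = classify(row["recipe_name"])
        if verdict == "clean":
            continue
        findings.append({
            "id": row["id"],
            "verdict": verdict,
            "safe_render": html.escape(row["recipe_name"], quote=True),
        })
    return findings


if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(finding)
```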