Lucene search
Simran SankhalaPACKETSTORM:160107HistoryNov 17, 2020 - 12:00 a.m.
Grocy Household Management Solution 2.7.1 Cross Site Scripting
2020-11-1700:00:00
Simran Sankhala
packetstormsecurity.com
563
grocy household management
xss
add recipe
version 2.7.1
cve-2020-25454
proof of concept
EPSS
0.001
Percentile
19.8%
`# Exploit Author: Simran Sankhala
# Vendor Homepage: https://berrnd.de/
# Software Link: https://github.com/grocy/grocy
# Version: 2.7.1
# Tested on: Kali Linux 2020.3
# CVE ID Alloted : CVE-2020-25454
# Proof Of Concept:
grocy household management solution v2.7.1, allows stored XSS , via Add recipe module, that is rendered upon deleting that Recipe .
To exploit this vulnerability:
1. Login to the application
2. Go to Recipe t' module
3. Click on 'add New recipe ' module
4. Enter the payload: <script>alert("xss") in 'Name' and to the description section in the input field.
5. Click Save
6. Click 'Delete Recipe' , the payload gets executed.
`
Related
prion
prion
Cross site scripting
2020-11-18 21:15:00
cve
cve
CVE-2020-25454
2020-11-18 21:15:11
nvd
nvd
CVE-2020-25454
2020-11-18 21:15:11
cvelist
cvelist
CVE-2020-25454
2020-11-18 20:52:25
osv
osv
CVE-2020-25454
2020-11-18 21:15:11