Lucene search
K

124 matches found

CVE
CVE
added 2025/01/06 12:0 a.m.49 views

CVE-2024-55074

Affected software: Grocy, prior to version 4.3.0. Vulnerability: stored cross-site scripting (XSS) in the edit profile function triggered by uploading crafted HTML or SVG files, leading to privilege escalation. Root cause/impact: manipulation via file upload within the edit profile path; implicat...

9CVSS6.2AI score0.00627EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/01/06 12:0 a.m.46 views

CVE-2024-55076

Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. Affected product is the Grocy web application up to version 4.3.0. Root cause and impact are stated in the CVE description; the practical consequence is CSRF vulnerability enabling unauthorized p...

8.1CVSS7.1AI score0.00301EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/01/06 12:0 a.m.6 views

Grocy 安全漏洞

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A security vulnerability exists in Grocy version 4.3.0 and earlier that stems from a lack of cross-site request forgery protection...

8.1CVSS6.6AI score0.00301EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/06 12:0 a.m.9 views

CVE-2024-55076

Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password...

8.1CVSS8.2AI score0.00301EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/06 12:0 a.m.12 views

CVE-2024-55074

The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370...

8.8CVSS6AI score0.00627EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/06 12:0 a.m.6 views

Grocy 安全漏洞

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A security vulnerability exists in Grocy version 4.3.0 and earlier, which stems from an attacker being able to obtain sensitive information by directly requesting a page that is not displayed in the user...

5.3CVSS6.2AI score0.00498EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/06 12:0 a.m.9 views

CVE-2024-55075

Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes...

4.3CVSS6.5AI score0.00498EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/06 12:0 a.m.28 views

CVE-2024-55075

Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes...

4.3CVSS0.00498EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/06 12:0 a.m.16 views

CVE-2024-55076

Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password...

8.1CVSS0.00301EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2024/09/01 10:15 p.m.24 views

CVE-2024-8370

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument forceserveas with the input picture' leads to cross site scripting. T...

5.4CVSS7AI score0.00406EPSS
Exploits1References3
NVD
NVD
added 2024/09/01 10:15 p.m.38 views

CVE-2024-8370

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument forceserveas with the input picture' leads to cross site scripting. T...

5.4CVSS0.00406EPSS
Exploits1References3
OSV
OSV
added 2024/09/01 10:15 p.m.3 views

CVE-2024-8370

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument forceserveas with the input picture' leads to cross site scripting. T...

5.4CVSS3.4AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/01 10:0 p.m.20 views

CVE-2024-8370 Grocy SVG File Upload recipepictures cross site scripting

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument forceserveas with the input picture' leads to cross site scripting. T...

5.3CVSS6.6AI score0.00406EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/09/01 10:0 p.m.42 views

CVE-2024-8370 Grocy SVG File Upload recipepictures cross site scripting

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument forceserveas with the input picture' leads to cross site scripting. T...

5.3CVSS0.00406EPSS
Exploits1References3
CVE
CVE
added 2024/09/01 10:0 p.m.84 views

CVE-2024-8370

CVE-2024-8370 affects Grocy up to 4.2.0, targeting the SVG File Upload Handler. The vulnerability exists in unknown code path under /api/files/recipepictures/ where manipulating the argument force_serve_as with a crafted image leads to stored cross-site scripting. Exploitation is remotely possibl...

5.4CVSS4AI score0.00406EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2024/09/01 12:0 a.m.4 views

Grocy 跨站脚本漏洞

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy 4.2.0 and earlier versions, which stems from the parameter forceserveas in the file /api/files/recipepictures/ can lead to cross-site scripting attack...

5.4CVSS4.1AI score0.00406EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/09/01 12:0 a.m.7 views

PT-2024-38975 · Grocy · Grocy

Name of the Vulnerable Software and Affected Versions: Grocy versions up to 4.2.0 Description: A problematic vulnerability was found in the SVG File Upload Handler component of Grocy, affecting the /api/files/recipepictures/ path. The manipulation of the force serve as argument with the input...

5.3CVSS4.4AI score0.00406EPSS
Exploits1References15
Packet Storm
Packet Storm
added 2024/02/02 12:0 a.m.290 views

Grocy 4.0.2 Cross Site Request Forgery

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must hav...

8.8CVSS7.4AI score0.00375EPSS
Exploits4
0day.today
0day.today
added 2024/01/31 12:0 a.m.262 views

Grocy <= 4.0.2 - CSRF Vulnerability

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...

8.8CVSS8.9AI score0.00375EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.286 views

Grocy &lt;=4.0.2 - CSRF

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...

8.8CVSS8.9AI score0.00375EPSS
Exploits4
Rows per page
Query Builder