3 matches found
CVE-2024-8370 Grocy SVG File Upload recipepictures cross site scripting
A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument forceserveas with the input picture' leads to cross site scripting. T...
Grocy 跨站脚本漏洞
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy 4.2.0 and earlier versions, which stems from the parameter forceserveas in the file /api/files/recipepictures/ can lead to cross-site scripting attack...
PT-2024-38975 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions up to 4.2.0 Description: A problematic vulnerability was found in the SVG File Upload Handler component of Grocy, affecting the /api/files/recipepictures/ path. The manipulation of the force serve as argument with the input...