4 matches found
CVE-2024-55074
The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370...
CVE-2024-55074
The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370...
CVE-2024-55074
Affected software: Grocy, prior to version 4.3.0. Vulnerability: stored cross-site scripting (XSS) in the edit profile function triggered by uploading crafted HTML or SVG files, leading to privilege escalation. Root cause/impact: manipulation via file upload within the edit profile path; implicat...
CVE-2024-55074
The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370...