119 matches found
EUVD-2020-7265
Malware in sbrugna...
EUVD-2020-18140
Malware in sbrugna...
EUVD-2023-52280
Malicious code in bioql PyPI...
EUVD-2024-52734
Malicious code in bioql PyPI...
EUVD-2024-49128
Malicious code in bioql PyPI...
EUVD-2023-52278
Malicious code in bioql PyPI...
EUVD-2024-52733
Malicious code in bioql PyPI...
EUVD-2023-52277
Malicious code in bioql PyPI...
EUVD-2024-52732
Malicious code in bioql PyPI...
EUVD-2023-52895
Malicious code in bioql PyPI...
EUVD-2023-52279
Malicious code in bioql PyPI...
CVE-2024-8370
A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument forceserveas with the input picture' leads to cross site scripting. T...
CVE-2024-55075
Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes...
CVE-2023-48866
A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shoppinglists/ of Grocy = 4.0.3 allows attackers to obtain the victim's cookies...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
CVE-2023-48198
A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version = 4.0.3 allows attackers to obtain a victim's cookies...
CVE-2023-48200
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component...
CVE-2023-42270
Grocy = 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF)...
CVE-2020-15253
Versions of Grocy = 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product...