17 matches found
EUVD-2023-52280
Malicious code in bioql PyPI...
EUVD-2024-49128
Malicious code in bioql PyPI...
EUVD-2024-52733
Malicious code in bioql PyPI...
CVE-2024-8370
A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. T...
CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
CVE-2023-48198
A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies...
CVE-2023-48200
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component...
CVE-2023-42270
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF)...
CVE-2024-55074
The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370...
CVE-2024-55075
Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes...
Grocy Security Vulnerabilities
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A security vulnerability exists in Grocy version 4.3.0 and earlier, which stems from an attacker being able to obtain sensitive information by directly requesting a page that is not displayed in the user...
CVE-2024-8370
CVE-2024-8370 affects Grocy up to 4.2.0, targeting the SVG File Upload Handler. The vulnerability exists in unknown code path under /api/files/recipepictures/ where manipulating the argument force_serve_as with a crafted image leads to stored cross-site scripting. Exploitation is remotely possibl...
Grocy Security Vulnerabilities
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A security vulnerability exists in Grocy version 4.0.3 and prior versions. An attacker could exploit the vulnerability to obtain a victim's cookie...
PT-2023-30722 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions 4.0.3 and earlier. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability in the manageApiKeys component. This vulnerability allows attackers to obtain a victim's cookies when the victim clicks on the "see...
Grocy Security Vulnerabilities
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A security vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting (XSS) vulnerability in the /equipment/ component. An attacker could exploit the vulnerability to execute...
CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
CVE-2020-15253
Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product...