Grocy Security Vulnerabilities and Issues — Grocy CVE List

Lucene search

Grocy ProjectGrocy

3 matches found

CVE•added 2025/01/06 8:15 p.m.•37 views

CVE-2024-55074

The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.

8.8CVSS6.2AI score0.00063EPSS

CVE•added 2025/01/06 9:15 p.m.•35 views

CVE-2024-55076

Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password.

8.1CVSS7.1AI score0.00015EPSS

CVE•added 2025/01/06 9:15 p.m.•34 views

CVE-2024-55075

Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes.

4.3CVSS4.6AI score0.0002EPSS