Vulmon
grocy project grocy vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-42270
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).
Grocy Project Grocy
5.4
CVSSv3
CVE-2023-48866
A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows malicious users to obtain the victim's cookies.
Grocy Project Grocy
7.8
CVSSv3
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows malicious users to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags t...
Grocy Project Grocy 4.0.3
5.4
CVSSv3
CVE-2020-25454
Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe.
Grocy Project Grocy 2.7.1
5.4
CVSSv3
CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and previous versions allows malicious users to obtain victim's cookies when the victim clicks on the "see QR code" function.
Grocy Project Grocy 4.0.3
5.4
CVSSv3
CVE-2023-48198
A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows malicious users to obtain a victim's cookies.
Grocy Project Grocy 4.0.3
5.4
CVSSv3
CVE-2023-48200
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local malicious user to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.
Grocy Project Grocy 4.0.3