Vulnerabilities > Grocy Project > Grocy > 1.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-04 | CVE-2023-48866 | Cross-site Scripting vulnerability in Grocy Project Grocy A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies. | 5.4 |
| 2023-09-15 | CVE-2023-42270 | Cross-Site Request Forgery (CSRF) vulnerability in Grocy Project Grocy Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 |