Vulnerabilities > Grocy Project > Grocy > 2.7.1

DATE CVE VULNERABILITY TITLE RISK
2023-12-04 CVE-2023-48866 Cross-site Scripting vulnerability in Grocy Project Grocy
A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies.
network
low complexity
grocy-project CWE-79
5.4
5.4
2023-09-15 CVE-2023-42270 Cross-Site Request Forgery (CSRF) vulnerability in Grocy Project Grocy
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).
network
low complexity
grocy-project CWE-352
8.8
8.8
2020-11-18 CVE-2020-25454 Cross-site Scripting vulnerability in Grocy Project Grocy 2.7.1
Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe.
network
low complexity
grocy-project CWE-79
5.4
5.4