Vulnerabilities > Grocy Project > Grocy > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-48199 | Injection vulnerability in Grocy Project Grocy 4.0.3 HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. | 7.8 |
| 2023-09-15 | CVE-2023-42270 | Cross-Site Request Forgery (CSRF) vulnerability in Grocy Project Grocy Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 |