Grocy Project: >> Grocy >> 2.7.1 Security Vulnerabilities
A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-04
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-15
Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-11-18