CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Grocy Project: >> Grocy >> 1.0.1 Security Vulnerabilities

CVE-2023-48866

A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies.

CVSS Score

5.4

EPSS Score

0.002

Published

2023-12-04

CVE-2023-42270

Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).

CVSS Score

8.8

EPSS Score

0.002

Published

2023-09-15

Page 1

Vulnerabilities

Vulnerable Software

Grocy Project: >> Grocy >> 1.0.1 Security Vulnerabilities

Products

Pricing

Contact Us