CVE-2024-55074 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue…
High CVSS: 8.8

CVE-2024-55074

The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.
Vendor
Grocy Project
Product
Grocy
CWE
CWE-79
Yayın Tarihi
2025-01-06 20:15:39
Güncelleme
2025-09-05 00:23:07
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-79 Grocy HIGH Grocy Project 2025

Referanslar

https://m10x.de/posts/2024/11/all-your-recipe-are-belong-to-us-part-1/3-stored-xss-csrf-and-broken-access-control-vulnerabilities-in-grocy/ https://m10x.de/posts/2024/11/all-your-recipe-are-belong-to-us-part-1/3-stored-xss-csrf-and-broken-access-control-vulnerabilities-in-grocy/