Vulnerabilidades em Grocy project
3 resultadosCVE-2024-55074HIGHThe edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG filEPSS 0.6%CVE-2024-55075MEDIUMGrocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such EPSS 0.5%CVE-2024-55076HIGHGrocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password.EPSS 0.3%