📦 Grocy
by Grocy Project
🔍 What is Grocy?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
Grocy versions through 4.3.0 lack Cross-Site Request Forgery (CSRF) protection, allowing attackers to trick authenticated users into performing unintended actions. This vulnerability enables attackers...
This stored XSS vulnerability in Grocy's edit profile function allows attackers to upload malicious HTML or SVG files that execute arbitrary JavaScript when viewed. This can lead to privilege escalati...
This HTML injection vulnerability in Grocy's API key management component allows attackers to inject arbitrary HTML content into QR code detail popups. While script execution is prevented, attackers c...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Grocy versions up to 4.0.2. Attackers can trick authenticated users into performing unintended actions on the Grocy web applicat...
This vulnerability in Grocy allows remote attackers to access sensitive information by directly requesting pages not visible in the user interface, such as calendar and recipe pages. It affects all Gr...