CVE-2024-55074
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Jan 6, 2025
CWE ID 79
Summary
CVE-2024-55074 is a vulnerability in the edit profile function of Grocy up to version 4.3.0. Maliciously crafted HTML or SVG files can be uploaded, leading to Stored Cross-Site Scripting (XSS). Successful exploitation allows attackers to inject malicious code into a user's profile and potentially escalate privileges beyond their intended level. This issue is distinct from the privilege escalation issue addressed in CVE-2024-8370.