CVE-2024-55074

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 6, 2025
CWE ID 79

Summary

CVE-2024-55074 is a vulnerability affecting the edit profile function of Grocy up to version 4.3.0. An attacker can exploit this issue by uploading a maliciously crafted HTML or SVG file, leading to Stored Cross-Site Scripting (XSS). Successful exploitation could result in privilege escalation, granting the attacker unintended access to sensitive information or functionality within the application. This vulnerability is distinct from CVE-2024-8370.
