Alireza Gharib Blog

CVE-2024-55074 – Grocy Stored XSS Privilege Escalation Vulnerability

CVE ID : CVE-2024-55074

Published : Jan. 6, 2025, 8:15 p.m. | 44 minutes ago

Description : The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Go to Source

Tags: #cve, #cybersecurity, #security

Related Posts

Windows 11’s TPM 2.0: Free Software Foundation Fights Forced Upgrades and E-Waste Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast Vulnerable Moxa devices expose industrial networks to attacks Vulnerability Overload: 40,000+ CVEs in 2024 Trio of Critical Vulnerabilities in Netis Routers Enables Unauthenticated RCE Top Cybersecurity Certifications to Boost Your Career in 2025 Threat Actors Exploit a Critical Ivanti RCE Bug, Again Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766 TheCyberThrone Security Weekly Review – January 11, 2025 TheCyberThrone Security Weekly Review – January 04, 2025 SonicWall waarschuwt voor actief misbruikt lek in SSLVPN-functie firewalls SonicWall urges admins to patch exploitable SSLVPN bug immediately SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS Secure Your Repos: go-git Patches Critical Vulnerability – CVE-2025-21613 (CVSS 9.8) Reversing, Discovering, And Exploiting A TP-Link Router Vulnerability — CVE-2024–54887 Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers Redis was affected by CVE-2024-51741 and CVE-2024-46981 Nuclei flaw lets malicious templates bypass signature verification Nuclei flaw bypasses template signature checks to execute commands
, ,
, ,
Recent Posts