Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker can then manipulate page content in the QR code detail popup, often coupled with social engineering tactics, exploiting both the trust of users and the application's lack of proper input handling.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Grocy 安全漏洞
Vulnerability Description
Grocy是Grocy开源的一个基于网络的自托管杂货和家庭管理解决方案。 Grocy v.4.0.3版本存在安全漏洞,该漏洞源于允许攻击者通过manageapikeys组件的QR code功能执行任意代码并获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A