XSS and HTML injection possible at some places

Low
berrnd published GHSA-7f37-2fjr-v9p7 Oct 14, 2020

Package

No package listed

Affected versions

<= 2.7.1

Patched versions

> 2.7.1

Description

Solution

This was resolved on 2020-10-14, so the fix is included in all releases after v2.7.1.

More information

See #996 for more information.

I don't consider this critical: this cannot be abused unauthenticated, and grocy is not an application you (should) host publicly (meaning without authentication) on the internet.

Severity

Low

CVE ID

CVE-2020-15253

Weaknesses

No CWEs

Credits