Exploit/Advisories
Published on November 17th, 2020 📆 | 2051 Views ⚑
0Grocy Household Management Solution 2.7.1 Cross Site Scripting ≈ Packet Storm
# Exploit Author: Simran Sankhala
# Vendor Homepage: https://berrnd.de/
# Software Link: https://github.com/grocy/grocy
# Version: 2.7.1
# Tested on: Kali Linux 2020.3
# CVE ID Alloted : CVE-2020-25454
# Proof Of Concept:grocy household management solution v2.7.1, allows stored XSS , via Add recipe module, that is rendered upon deleting that Recipe .
To exploit this vulnerability:
1. Login to the application
2. Go to Recipe t' module
3. Click on 'add New recipe ' module
4. Enter the payload:
Gloss