VYPR
High severity7.3NVD Advisory· Published Oct 14, 2020· Updated Jun 17, 2026

CVE-2020-15253

CVE-2020-15253

Description

Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product groups, recipes and products. Authentication is required to exploit these issues and Grocy should not be publicly exposed. The linked reference details a proof-of-concept.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Grocy Project/Grocyllm-create2 versions
    <=2.7.1+ 1 more
    • (no CPE)range: <=2.7.1
    • (no CPE)range: <= 2.7.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.