{"vulnerability": "cve-2024-8370", "sightings": [{"uuid": "dae79847-a41a-49f3-91e6-449fab5e26ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8370", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113783244019784638", "content": "", "creation_timestamp": "2025-01-06T20:15:19.922576Z"}, {"uuid": "23aa55e7-0f21-4292-8291-0a8639ea2c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8370", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3x7wsuki2k", "content": "", "creation_timestamp": "2025-01-06T20:15:57.295923Z"}, {"uuid": "3f9a1de0-0fb4-4f8a-a326-c814239884c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8370", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/218", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55074\n\ud83d\udd39 Description: The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.\n\ud83d\udccf Published: 2025-01-06T00:00:00\n\ud83d\udccf Modified: 2025-01-06T20:26:25.597Z\n\ud83d\udd17 References:\n1. https://m10x.de/posts/2024/11/all-your-recipe-are-belong-to-us-part-1/3-stored-xss-csrf-and-broken-access-control-vulnerabilities-in-grocy/", "creation_timestamp": "2025-01-06T20:49:06.000000Z"}, {"uuid": "b020cbbd-ce5b-46da-b1f0-795f5a978a2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8370", "type": "seen", "source": "https://t.me/cvedetector/4583", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-8370 - Grocy SVG File Upload Handler Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-8370 \nPublished : Sept. 1, 2024, 10:15 p.m. | 40\u00a0minutes ago \nDescription : A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. NOTE: The project maintainer explains that \"this is 'nonsense' and practically irrelevant according to the project's security policy\" which expects additional authentication for the software. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-02T01:19:47.000000Z"}, {"uuid": "aa9f4162-3ae1-455f-89b3-218c8203f033", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8370", "type": "seen", "source": "https://t.me/cvedetector/14405", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55074 - Grocy Stored XSS Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55074 \nPublished : Jan. 6, 2025, 8:15 p.m. | 36\u00a0minutes ago \nDescription : The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T21:57:56.000000Z"}]}