How severe is CVE-2024-8370?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2024-8370?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-8370

MEDIUM Year: 2024

CVSS v3 Score

3.5

Low

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-79

View all →

Vulnerability Description

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. Unfortunately, the project maintainer does not want to be quoted in any way regarding the dispute rationale. The security policy of the project implies that this finding is "practically irrelevant" due to authentication requirements.

CVE-2014-125110

LOW

CVSS:3.5(Low)

A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/...

CWE-792014

CVE-2014-125111

LOW

CVSS:3.5(Low)

A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. Th...

CWE-792014

CVE-2015-10131

LOW

CVSS:3.5(Low)

A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz...

CWE-792015

CVE-2015-10132

LOW

CVSS:3.5(Low)

A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulati...

CWE-792015

CVE-2017-20191

LOW

CVSS:3.5(Low)

A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFor...

CWE-792017

CVE-2018-25101

LOW

CVSS:3.5(Low)

A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. T...

CWE-792018

CVE-2024-8370

Vulnerability Description

Related Vulnerabilities

CVE-2014-125110

CVE-2014-125111

CVE-2015-10131

CVE-2015-10132

CVE-2017-20191

CVE-2018-25101