Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.
References
Link | Resource |
---|---|
https://github.com/grocy/grocy | Product |
https://nitipoom-jar.github.io/CVE-2023-48197/ | Exploit Third Party Advisory |
Configurations
History
24 Jan 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. |
21 Nov 2023, 01:02
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-15 23:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-48197
Mitre link : CVE-2023-48197
CVE.ORG link : CVE-2023-48197
JSON object : View
Products Affected
grocy_project
- grocy
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')