CVE-2023-48197

Published November 15th, 2023

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.

grocy/grocy

ERP beyond your fridge - Grocy is a web-based self-hosted groceries & household management solution for your home

GitHub

9.13K