CVE-2023-48866

Published December 4th, 2023

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies.

grocy/grocy

ERP beyond your fridge - Grocy is a web-based self-hosted groceries & household management solution for your home

GitHub

9.13K