Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim’s cookies when the victim clicks on the “see QR code” function.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | 3.19-community | noarch | grocy | = 4.0.3-r2 | UNKNOWN |