Lucene search
MitreCVE-2023-48198HistoryNov 15, 2023 - 11:15 p.m.
CVE-2023-48198
2023-11-1523:15:08
CWE-79
mitre
web.nvd.nist.gov
22
cve-2023-48198
cross site scripting
grocy v.4.0.3
api
security vulnerability
information disclosure
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.0%
A Cross-Site Scripting (XSS) vulnerability in the ‘product description’ component within ‘/api/stock/products’ of Grocy version <= 4.0.3 allows attackers to obtain a victim’s cookies.
Affected configurations
Node
grocy_projectgrocyMatch4.0.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| grocy_project | grocy | 4.0.3 | cpe:2.3:a:grocy_project:grocy:4.0.3:*:*:*:*:*:*:* |
Related
osv
osv
CVE-2023-48198
2023-11-15 23:15:08
alpinelinux
alpinelinux
CVE-2023-48198
2023-11-15 23:15:08
prion
prion
Cross site scripting
2023-11-15 23:15:00
cvelist
cvelist
CVE-2023-48198
2023-11-15 00:00:00
nvd
nvd
CVE-2023-48198
2023-11-15 23:15:08
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.0%
Related for CVE-2023-48198