Lucene search

[email protected]NVD:CVE-2023-48198

HistoryNov 15, 2023 - 11:15 p.m.

CVE-2023-48198

2023-11-1523:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

api

stock component

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.0%

JSON

A Cross-Site Scripting (XSS) vulnerability in the ‘product description’ component within ‘/api/stock/products’ of Grocy version <= 4.0.3 allows attackers to obtain a victim’s cookies.

Affected configurations

Nvd

Node

grocy_projectgrocyMatch4.0.3

VendorProductVersionCPE
grocy_projectgrocy4.0.3cpe:2.3:a:grocy_project:grocy:4.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
grocy_project	grocy	4.0.3	cpe:2.3:a:grocy_project:grocy:4.0.3:::::::*

References

github.com/grocy/grocy

nitipoom-jar.github.io/CVE-2023-48198