Lucene search
K

124 matches found

Prion
Prion
added 2023/11/15 11:15 p.m.14 views

Cross site scripting

Cross-Site Scripting XSS vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...

4.9CVSS5.9AI score0.00665EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.5 views

PT-2023-30723 · Grocy · Grocy

Name of the Vulnerable Software and Affected Versions: Grocy versions = 4.0.3 Description: A Cross-Site Scripting XSS issue exists in the 'product description' component within the "/api/stock/products" endpoint, allowing attackers to obtain a victim's cookies. This issue can be exploited by a...

5.4CVSS5.5AI score0.00666EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.3 views

Grocy Cross-Site Scripting Vulnerability

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting XSS vulnerability in the QR code function of the manageapikeys component. An attacker could...

5.4CVSS6.3AI score0.00665EPSS
Exploits1References4
CVE
CVE
added 2023/11/15 12:0 a.m.53 views

CVE-2023-48197

Grocy 4.0.3 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability in the manageApiKeys component. The issue occurs when a user engages the QR code viewing function, enabling an attacker to obtain the victim’s cookies. The available connected documents confirm the vulnerability an...

5.4CVSS5.2AI score0.00665EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/11/15 12:0 a.m.28 views

CVE-2023-48198

A Cross-Site Scripting XSS vulnerability in the 'product description' component within '/api/stock/products' of Grocy version = 4.0.3 allows attackers to obtain a victim's cookies...

5.4AI score0.00666EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/11/15 12:0 a.m.32 views

CVE-2023-48200

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component...

5.9AI score0.0077EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/11/15 12:0 a.m.34 views

CVE-2023-48199

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...

8.1AI score0.00502EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/11/15 12:0 a.m.10 views

CVE-2023-48198

A Cross-Site Scripting XSS vulnerability in the 'product description' component within '/api/stock/products' of Grocy version = 4.0.3 allows attackers to obtain a victim's cookies...

5.9AI score0.00666EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.3 views

PT-2023-30726 · Grocy · Grocy

Name of the Vulnerable Software and Affected Versions: Grocy version 4.0.3 Description: The issue allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within the "/equipment/" component. Recommendations: For Grocy version 4.0.3...

5.4CVSS5.9AI score0.0077EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/11/15 12:0 a.m.29 views

CVE-2023-48197

Cross-Site Scripting XSS vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...

5.4AI score0.00665EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.5 views

Grocy Injection Vulnerability

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. An injection vulnerability exists in Grocy version v.4.0.3, which originated to allow an attacker to execute arbitrary code and obtain sensitive information via the QR code function of the manageapikeys...

7.8CVSS7.8AI score0.00502EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/11/15 12:0 a.m.3 views

CVE-2023-48197

Cross-Site Scripting XSS vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...

5.9AI score0.00665EPSS
Exploits1References3
CVE
CVE
added 2023/11/15 12:0 a.m.68 views

CVE-2023-48199

CVE-2023-48199 describes an HTML Injection vulnerability in Grocy versions prior to 4.0.4, specifically in the manageApiKeys component. The issue arises when user-supplied data is not sanitized, allowing injection of HTML tags through parameter values and potentially altering the QR code detail p...

7.8CVSS7.8AI score0.00502EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.7 views

PT-2023-30724 · Grocy · Grocy

Name of the Vulnerable Software and Affected Versions: Grocy versions prior to 4.0.4 Description: The issue allows attackers to inject arbitrary HTML content without script execution, occurring when user-supplied data is not properly sanitized. This enables the injection of HTML tags through...

7.8CVSS7.6AI score0.00502EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.4 views

PT-2023-30722 · Grocy · Grocy

Name of the Vulnerable Software and Affected Versions: Grocy versions 4.0.3 and earlier Description: The issue is related to a Cross-Site Scripting XSS vulnerability in the manageApiKeys component. This vulnerability allows attackers to obtain a victim's cookies when the victim clicks on the "see...

5.4CVSS5.1AI score0.00665EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.3 views

Grocy Security Vulnerabilities

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A security vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting XSS vulnerability in the /equipment/ component. An attacker could exploit the vulnerability to execute...

5.4CVSS6.3AI score0.0077EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.4 views

Grocy Cross-Site Scripting Vulnerability

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting XSS vulnerability in the product description component of the api/stock/products endpoint. An...

5.4CVSS6.3AI score0.00666EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/11/15 12:0 a.m.11 views

CVE-2023-48200

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component...

6.7AI score0.0077EPSS
Exploits1References3
CVE
CVE
added 2023/11/15 12:0 a.m.49 views

CVE-2023-48198

The CVE-2023-48198 issue affects Grocy versions

5.4CVSS5.2AI score0.00666EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/11/15 12:0 a.m.43 views

CVE-2023-48200

CVE-2023-48200 concerns Grocy v4.0.3 where a Cross-Site Scripting vulnerability exists in the equipment description component under /equipment/. The flaw allows a local attacker to execute arbitrary code and exfiltrate or view sensitive information via this component. The base score is 5.4 (Mediu...

5.4CVSS5.6AI score0.0077EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder