124 matches found
Cross site scripting
Cross-Site Scripting XSS vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
PT-2023-30723 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions = 4.0.3 Description: A Cross-Site Scripting XSS issue exists in the 'product description' component within the "/api/stock/products" endpoint, allowing attackers to obtain a victim's cookies. This issue can be exploited by a...
Grocy Cross-Site Scripting Vulnerability
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting XSS vulnerability in the QR code function of the manageapikeys component. An attacker could...
CVE-2023-48197
Grocy 4.0.3 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability in the manageApiKeys component. The issue occurs when a user engages the QR code viewing function, enabling an attacker to obtain the victim’s cookies. The available connected documents confirm the vulnerability an...
CVE-2023-48198
A Cross-Site Scripting XSS vulnerability in the 'product description' component within '/api/stock/products' of Grocy version = 4.0.3 allows attackers to obtain a victim's cookies...
CVE-2023-48200
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
CVE-2023-48198
A Cross-Site Scripting XSS vulnerability in the 'product description' component within '/api/stock/products' of Grocy version = 4.0.3 allows attackers to obtain a victim's cookies...
PT-2023-30726 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy version 4.0.3 Description: The issue allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within the "/equipment/" component. Recommendations: For Grocy version 4.0.3...
CVE-2023-48197
Cross-Site Scripting XSS vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
Grocy Injection Vulnerability
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. An injection vulnerability exists in Grocy version v.4.0.3, which originated to allow an attacker to execute arbitrary code and obtain sensitive information via the QR code function of the manageapikeys...
CVE-2023-48197
Cross-Site Scripting XSS vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
CVE-2023-48199
CVE-2023-48199 describes an HTML Injection vulnerability in Grocy versions prior to 4.0.4, specifically in the manageApiKeys component. The issue arises when user-supplied data is not sanitized, allowing injection of HTML tags through parameter values and potentially altering the QR code detail p...
PT-2023-30724 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions prior to 4.0.4 Description: The issue allows attackers to inject arbitrary HTML content without script execution, occurring when user-supplied data is not properly sanitized. This enables the injection of HTML tags through...
PT-2023-30722 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions 4.0.3 and earlier Description: The issue is related to a Cross-Site Scripting XSS vulnerability in the manageApiKeys component. This vulnerability allows attackers to obtain a victim's cookies when the victim clicks on the "see...
Grocy Security Vulnerabilities
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A security vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting XSS vulnerability in the /equipment/ component. An attacker could exploit the vulnerability to execute...
Grocy Cross-Site Scripting Vulnerability
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting XSS vulnerability in the product description component of the api/stock/products endpoint. An...
CVE-2023-48200
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component...
CVE-2023-48198
The CVE-2023-48198 issue affects Grocy versions
CVE-2023-48200
CVE-2023-48200 concerns Grocy v4.0.3 where a Cross-Site Scripting vulnerability exists in the equipment description component under /equipment/. The flaw allows a local attacker to execute arbitrary code and exfiltrate or view sensitive information via this component. The base score is 5.4 (Mediu...