2 matches found
CVE-2023-48866
A Cross-Site Scripting XSS vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shoppinglists/ of Grocy = 4.0.3 allows attackers to obtain the victim's cookies...
CVE-2023-48866
CVE-2023-48866 is an XSS flaw in Grocy ≤ 4.0.3, affecting the recipe preparation endpoint (/api/objects/recipes) and the note component (/api/objects/shopping_lists/). The vulnerability allows attackers to obtain a victim’s cookies. The available connected sources confirm the affected software/ve...