12 matches found
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
Design/Logic Flaw
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
Cross site scripting
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
CVE-2023-48199
CVE-2023-48199 describes an HTML Injection vulnerability in Grocy versions prior to 4.0.4, specifically in the manageApiKeys component. The issue arises when user-supplied data is not sanitized, allowing injection of HTML tags through parameter values and potentially altering the QR code detail p...
Grocy Injection Vulnerability
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. An injection vulnerability exists in Grocy version v.4.0.3 that allows an attacker to execute arbitrary code and obtain sensitive information via the QR code function of the manageapikeys...
Grocy Cross-Site Scripting Vulnerability
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting (XSS) vulnerability in the QR code function of the manageapikeys component. An attacker could...
PT-2023-30722 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions 4.0.3 and earlier. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability in the manageApiKeys component. This vulnerability allows attackers to obtain a victim's cookies when the victim clicks on the "see...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...
CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...