Grocy Injection Vulnerability

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. An injection vulnerability exists in Grocy version v.4.0.3, which originated to allow an attacker to execute arbitrary code and obtain sensitive information via the QR code function of the manageapikeys...

CVE-2023-48197

Cross-Site Scripting XSS vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function...