Lucene search
Grocy ProjectGrocy4.0.3
4 matches found
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy
7.8CVSS7.8AI score0.00569EPSS
CVE-2023-48197
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.
5.4CVSS5.2AI score0.00296EPSS
CVE-2023-48198
A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version
5.4CVSS5.2AI score0.00369EPSS
CVE-2023-48200
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.
5.4CVSS5.6AI score0.00298EPSS