CVE-2023-48197

Description

Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.

NVD

Severity: MEDIUM
CVE ID: CVE-2023-48197
CVSS Score: 5.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Refrence: NVDMITRE

Proof Of Concept

nitipoom-jar

Refrence: GitHub