CVE-2023-48197
MEDIUM 5.4
Description
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.
CVE details
CVSS v3.1 score: 5.4
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 11/15/2023
Last modified: 9/29/2025
Source: nvd
Honeypot sightings: 0
Affected products
grocy_project:grocy
Weaknesses (CWE)
CWE-79
References
https://github.com/grocy/grocy (cve@mitre.org)
https://nitipoom-jar.github.io/CVE-2023-48197/ (cve@mitre.org)
https://github.com/grocy/grocy (af854a3a-2127-422b-91ae-364da2661108)
https://nitipoom-jar.github.io/CVE-2023-48197/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.