First published: Wed Nov 15 2023
A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Grocy | =4.0.3 | |
CVE-2023-48198 is a Cross-Site Scripting vulnerability in Grocy v.4.0.3.
A local attacker can exploit CVE-2023-48198 to execute arbitrary code and obtain sensitive information via the product description component in the api/stock/products endpoint.
Grocy v.4.0.3 is affected by CVE-2023-48198.
CVE-2023-48198 has a medium severity level with a severity value of 5.4.
To fix CVE-2023-48198, it is recommended to update Grocy to a version that addresses the Cross Site Scripting vulnerability. Please refer to the official Grocy documentation or the vendor's website for the latest updates and patch information.