First published: Wed Nov 15 2023
A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grocy Project Grocy | =4.0.3 | |
CVE-2023-48198 is a Cross-Site Scripting vulnerability in Grocy v.4.0.3.
CVE-2023-48198 allows a local attacker to execute arbitrary code and obtain sensitive information via the product description component in the api/stock/products endpoint.
Grocy v.4.0.3 is affected by CVE-2023-48198.
CVE-2023-48198 has a medium severity level with a severity value of 5.4.
To fix CVE-2023-48198, update Grocy to a version that addresses the Cross-Site Scripting vulnerability. Refer to the official Grocy documentation or the vendor's website for the latest updates and patch information.