First published: Wed Nov 15 2023(Updated: )
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.
|Affected Software||Affected Version||How to fix|
|Grocy Project Grocy||=4.0.3|
The CVE ID for this vulnerability is CVE-2023-48200.
The severity of CVE-2023-48200 is medium with a CVSS score of 5.4.
The affected software is Grocy v.4.0.3.
A local attacker can exploit CVE-2023-48200 by executing arbitrary code and obtaining sensitive information via the equipment description component within the /equipment/ component of Grocy.
Yes, you can find more information on how to fix CVE-2023-48200 on the Grocy Project GitHub page.