First published: Wed Nov 15 2023(Updated: )
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Grocy Project Grocy | =4.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The CVE ID for this vulnerability is CVE-2023-48200.
The severity of CVE-2023-48200 is medium with a CVSS score of 5.4.
The affected software is Grocy v.4.0.3.
A local attacker can exploit CVE-2023-48200 by executing arbitrary code and obtaining sensitive information via the equipment description component within the /equipment/ component of Grocy.
Yes, you can find more information on how to fix CVE-2023-48200 on the Grocy Project GitHub page.