Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 29 Sep 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 11 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-29T13:59:05.001Z
Reserved: 2023-11-13T00:00:00.000Z
Link: CVE-2023-48197

Updated: 2024-08-02T21:23:39.182Z

Status : Modified
Published: 2023-11-15T23:15:08.903
Modified: 2025-09-29T14:16:42.570
Link: CVE-2023-48197

No data.

No data.