A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 29 Sep 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-29T14:31:00.998Z
Reserved: 2023-11-20T00:00:00.000Z
Link: CVE-2023-48866

No data.

Status : Modified
Published: 2023-12-04T15:15:07.560
Modified: 2025-09-29T15:16:04.820
Link: CVE-2023-48866

No data.

No data.