Описание
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| grocy | itp | package |
EPSS
Процентиль: 63%
0.00452
Низкий
Связанные уязвимости
CVSS3: 5.4
nvd
около 2 лет назад
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.
CVSS3: 5.4
github
около 2 лет назад
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the QR code function in the manageapikeys component.
EPSS
Процентиль: 63%
0.00452
Низкий