Описание
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the QR code function in the manageapikeys component.
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the QR code function in the manageapikeys component.
Связанные уязвимости
CVSS3: 5.4
nvd
около 2 лет назад
Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.
CVSS3: 5.4
debian
около 2 лет назад
Cross-Site Scripting (XSS) vulnerability in the \u2018manageApiKeys\u2 ...