CVE-2023-48198

Опубликовано: 15 нояб. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies.

Ссылки

https://github.com/grocy/grocy
Product
https://nitipoom-jar.github.io/CVE-2023-48198
Exploit
Third Party Advisory
https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48198
https://github.com/grocy/grocy
Product
https://nitipoom-jar.github.io/CVE-2023-48198
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:grocy_project:grocy:4.0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00562

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-48198

CVSS3: 5.4

debian

около 2 лет назад

A Cross-Site Scripting (XSS) vulnerability in the 'product description ...

GHSA-jmqm-f57p-26jw

CVSS3: 5.4

github

около 2 лет назад

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the product description component in the api/stock/products endpoint.

EPSS

Процентиль: 68%

0.00562

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79