Описание
A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies.
Ссылки
- Product
- Third Party Advisory
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.3 (включая)
cpe:2.3:a:grocy_project:grocy:*:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00339
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
debian
около 2 лет назад
A Cross-Site Scripting (XSS) vulnerability in the recipe preparation c ...
CVSS3: 5.4
github
около 2 лет назад
A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies.
EPSS
Процентиль: 56%
0.00339
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79