Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2023-48197

Description

Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.

POC

Reference

- https://nitipoom-jar.github.io/CVE-2023-48197/

Github

- https://github.com/nitipoom-jar/CVE-2023-48197

- https://github.com/nomi-sec/PoC-in-GitHub