Security Advisory

CVE-2023-48866

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-04 00:00:00

Last updated 2025-09-29 14:31:00

Assigner mitre

State PUBLISHED

Description

A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victims cookies.

← Browse all CVEs View on cve.org ↗