CVE-2023-48866

Publication date

2023-12-04 00:00:00

Family

mitre

State

PUBLISHED

Description

A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victims cookies.