CVE-2023-48197

Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt