Filtered by vendor Webkul
Subscriptions
Filtered by product Qloapps
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1155 | 1 Webkul | 1 Qloapps | 2025-06-20 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove this page in the long term. | ||||
| CVE-2023-36235 | 1 Webkul | 1 Qloapps | 2025-06-10 | 6.5 Medium |
| An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. | ||||
| CVE-2023-30256 | 1 Webkul | 1 Qloapps | 2025-01-27 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. | ||||
| CVE-2023-36284 | 1 Webkul | 1 Qloapps | 2024-11-29 | 7.5 High |
| An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. | ||||
| CVE-2023-36287 | 1 Webkul | 1 Qloapps | 2024-11-29 | 6.1 Medium |
| An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter. | ||||
| CVE-2023-36288 | 1 Webkul | 1 Qloapps | 2024-11-29 | 5.4 Medium |
| An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter. | ||||
| CVE-2023-36289 | 1 Webkul | 1 Qloapps | 2024-11-29 | 6.1 Medium |
| An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter. | ||||
| CVE-2024-40318 | 1 Webkul | 1 Qloapps | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
Page 1 of 1.