151 matches found
CVE-2025-1155
CVE-2025-1155 affects Webkul QloApps 1.6.1, specifically the Your Location Search component in the /stores path. Reported vulnerability is a cross-site scripting (XSS) issue generated by manipulating input in an unknown part of the stores file. It is exploitable remotely according to the sources....
Webkul QloApps 安全漏洞
Webkul QloApps is a hotel reservation management software from Webkul Inc. A security vulnerability exists in Webkul QloApps version 1.6.1, which stems from improper input filtering in the Your Location Search component under the stores path, leading to a cross-site scripting attack...
PT-2025-6102 · Webkul · Webkul Qloapps
Name of the Vulnerable Software and Affected Versions: Webkul QloApps version 1.6.1 Description: A problematic vulnerability was found in Webkul QloApps, affecting an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is...
CVE-2025-1074
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-1074
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-1074 Webkul QloApps URL mylogout cross-site request forgery
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-1074 Webkul QloApps URL mylogout cross-site request forgery
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-1074
Webkul QloApps 1.6.1 is affected by a cross-site request forgery in the URL Handler logout function at /en/?mylogout. The vulnerability stems from the logout endpoint logic, enabling remote CSRF exploitation. Public exploit/disclosures exist and the vendor has been informed and is working on a fi...
Webkul QloApps 安全漏洞
Webkul QloApps is a hotel reservation management software from Webkul. A security vulnerability exists in Webkul QloApps version 1.6.1, which stems from a cross-site request forgery attack due to a logout feature in the file /en/?mylogout of the component URL Handler...
PT-2025-5824 · Webkul · Webkul Qloapps
Name of the Vulnerable Software and Affected Versions: Webkul QloApps version 1.6.1 Description: A problematic issue was found in Webkul QloApps, affecting the logout function of the "/en/?mylogout" endpoint in the URL Handler component. This issue leads to cross-site request forgery and can be...
CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...
Webkul QloApps 安全漏洞
Webkul QloApps is a hotel reservation management software from Webkul Inc. A security vulnerability exists in Webkul QloApps version 1.6.0.0, which originates from an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to execute arbitrary code by uploading a specially...
PT-2024-28804 · Webkul · Webkul Qloapps
Name of the Vulnerable Software and Affected Versions: Webkul Qloapps version 1.6.0.0 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file, due to an arbitrary file upload vulnerability. Recommendations: For Webkul Qloapps version 1.6.0.0, update to a...
CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40318
CVE-2024-40318 is an arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 that enables remote code execution. The root cause involves bypassing file upload restrictions via crafted uploads, with the Red Hat/NVD OSV entries and PT Security notes corroborating a code-execution outcome. Im...
CVE-2023-36235
An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the idorder parameter...
Information disclosure
An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the idorder parameter...
CVE-2023-36235
CVE-2023-36235 affects Webkul Qloapps prior to version 1.6.0 , exposing sensitive information via the id_order parameter. The available connected document details indicate an information disclosure risk rooted in handling of the id_order input, enabling an attacker to obtain sensitive data. The v...