Lucene search
+L

151 matches found

CVE
CVE
added 2025/02/10 8:0 p.m.64 views

CVE-2025-1155

CVE-2025-1155 affects Webkul QloApps 1.6.1, specifically the Your Location Search component in the /stores path. Reported vulnerability is a cross-site scripting (XSS) issue generated by manipulating input in an unknown part of the stores file. It is exploitable remotely according to the sources....

6.1CVSS4.3AI score0.00528EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

Webkul QloApps 安全漏洞

Webkul QloApps is a hotel reservation management software from Webkul Inc. A security vulnerability exists in Webkul QloApps version 1.6.1, which stems from improper input filtering in the Your Location Search component under the stores path, leading to a cross-site scripting attack...

6.1CVSS4.5AI score0.00528EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/02/10 12:0 a.m.5 views

PT-2025-6102 · Webkul · Webkul Qloapps

Name of the Vulnerable Software and Affected Versions: Webkul QloApps version 1.6.1 Description: A problematic vulnerability was found in Webkul QloApps, affecting an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is...

6.1CVSS4AI score0.00528EPSS
Exploits1References10
OSV
OSV
added 2025/02/06 2:15 p.m.4 views

CVE-2025-1074

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...

5.3CVSS4.4AI score
Exploits0References4
NVD
NVD
added 2025/02/06 2:15 p.m.18 views

CVE-2025-1074

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...

5.3CVSS0.00321EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/02/06 2:0 p.m.28 views

CVE-2025-1074 Webkul QloApps URL mylogout cross-site request forgery

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...

5.3CVSS0.00321EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/02/06 2:0 p.m.9 views

CVE-2025-1074 Webkul QloApps URL mylogout cross-site request forgery

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...

5.3CVSS4.6AI score0.00321EPSS
Exploits1References4
CVE
CVE
added 2025/02/06 2:0 p.m.70 views

CVE-2025-1074

Webkul QloApps 1.6.1 is affected by a cross-site request forgery in the URL Handler logout function at /en/?mylogout. The vulnerability stems from the logout endpoint logic, enabling remote CSRF exploitation. Public exploit/disclosures exist and the vendor has been informed and is working on a fi...

5.3CVSS4.7AI score0.00321EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.5 views

Webkul QloApps 安全漏洞

Webkul QloApps is a hotel reservation management software from Webkul. A security vulnerability exists in Webkul QloApps version 1.6.1, which stems from a cross-site request forgery attack due to a logout feature in the file /en/?mylogout of the component URL Handler...

5.3CVSS4.8AI score0.00321EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.6 views

PT-2025-5824 · Webkul · Webkul Qloapps

Name of the Vulnerable Software and Affected Versions: Webkul QloApps version 1.6.1 Description: A problematic issue was found in Webkul QloApps, affecting the logout function of the "/en/?mylogout" endpoint in the URL Handler component. This issue leads to cross-site request forgery and can be...

5.3CVSS4.3AI score0.00321EPSS
Exploits1References11
NVD
NVD
added 2024/07/25 7:15 p.m.27 views

CVE-2024-40318

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...

7.2CVSS0.01183EPSS
Exploits1References1
OSV
OSV
added 2024/07/25 7:15 p.m.11 views

CVE-2024-40318

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...

7.2CVSS7.7AI score
Exploits0References1
Cvelist
Cvelist
added 2024/07/25 12:0 a.m.30 views

CVE-2024-40318

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...

0.01183EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.6 views

Webkul QloApps 安全漏洞

Webkul QloApps is a hotel reservation management software from Webkul Inc. A security vulnerability exists in Webkul QloApps version 1.6.0.0, which originates from an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to execute arbitrary code by uploading a specially...

7.2CVSS7.7AI score0.01183EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.8 views

PT-2024-28804 · Webkul · Webkul Qloapps

Name of the Vulnerable Software and Affected Versions: Webkul Qloapps version 1.6.0.0 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file, due to an arbitrary file upload vulnerability. Recommendations: For Webkul Qloapps version 1.6.0.0, update to a...

7.2CVSS8.3AI score0.01183EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/07/25 12:0 a.m.22 views

CVE-2024-40318

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...

8AI score0.01183EPSS
Exploits1References1
CVE
CVE
added 2024/07/25 12:0 a.m.66 views

CVE-2024-40318

CVE-2024-40318 is an arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 that enables remote code execution. The root cause involves bypassing file upload restrictions via crafted uploads, with the Red Hat/NVD OSV entries and PT Security notes corroborating a code-execution outcome. Im...

7.2CVSS7.8AI score0.01183EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/01/17 3:15 a.m.24 views

CVE-2023-36235

An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the idorder parameter...

6.5CVSS6.2AI score0.00656EPSS
Exploits1References3
Prion
Prion
added 2024/01/17 3:15 a.m.15 views

Information disclosure

An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the idorder parameter...

4CVSS6.5AI score0.00656EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/01/17 12:0 a.m.40 views

CVE-2023-36235

CVE-2023-36235 affects Webkul Qloapps prior to version 1.6.0 , exposing sensitive information via the id_order parameter. The available connected document details indicate an information disclosure risk rooted in handling of the id_order input, enabling an attacker to obtain sensitive data. The v...

6.5CVSS6.2AI score0.00656EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder