225 matches found
CVE-2025-1074 Webkul QloApps URL mylogout cross-site request forgery
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-1074
Webkul QloApps 1.6.1 is affected by a cross-site request forgery in the URL Handler logout function at /en/?mylogout. The vulnerability stems from the logout endpoint logic, enabling remote CSRF exploitation. Public exploit/disclosures exist and the vendor has been informed and is working on a fi...
Webkul QloApps 安全漏洞
Webkul QloApps is a hotel reservation management software from Webkul. A security vulnerability exists in Webkul QloApps version 1.6.1, which stems from a cross-site request forgery attack due to a logout feature in the file /en/?mylogout of the component URL Handler...
PT-2025-5824 · Webkul · Webkul Qloapps
Name of the Vulnerable Software and Affected Versions: Webkul QloApps version 1.6.1 Description: A problematic issue was found in Webkul QloApps, affecting the logout function of the "/en/?mylogout" endpoint in the URL Handler component. This issue leads to cross-site request forgery and can be...
Webkul Krayin CRM 安全漏洞
Webkul Krayin CRM is a free and open source CRM solution for small and medium-sized businesses from Webkul India. A security vulnerability exists in Webkul Krayin CRM v1.3.0 that stems from vulnerability to cross-site scripting XSS attacks...
CVE-2024-46367
A Stored Cross-Site Scripting XSS vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...
CVE-2024-46366
A Client-side Template Injection CSTI vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...
CVE-2024-46366
Webkul Krayin CRM 1.3.0 is affected by a Client-side Template Injection (CSTI) vulnerability during lead creation, allowing an attacker to inject malicious template code and potentially escalate privileges within the CRM. No exploit details are provided in the available documents. The Red Hat PT ...
PT-2024-31971 · Webkul · Webkul Krayin Crm
Name of the Vulnerable Software and Affected Versions: Webkul Krayin CRM version 1.3.0 Description: A Stored Cross-Site Scripting XSS issue allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalatio...
Webkul Krayin CRM 安全漏洞
Webkul Krayin CRM is a free and open source CRM solution for small and medium-sized businesses from Webkul India. A security vulnerability exists in Webkul Krayin CRM version 1.3.0, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows remote attackers to...
CVE-2024-46366
A Client-side Template Injection CSTI vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...
CVE-2024-46367
A Stored Cross-Site Scripting XSS vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...
CVE-2024-46366
A Client-side Template Injection CSTI vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...
CVE-2024-46367
A Stored Cross-Site Scripting XSS vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...
CVE-2024-46367
A Stored Cross-Site Scripting XSS vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...
CVE-2024-46366
A Client-side Template Injection CSTI vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...
CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...
PT-2024-28804 · Webkul · Webkul Qloapps
Name of the Vulnerable Software and Affected Versions: Webkul Qloapps version 1.6.0.0 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file, due to an arbitrary file upload vulnerability. Recommendations: For Webkul Qloapps version 1.6.0.0, update to a...
CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...