Lucene search
+L

225 matches found

Vulnrichment
Vulnrichment
added 2025/02/06 2:0 p.m.9 views

CVE-2025-1074 Webkul QloApps URL mylogout cross-site request forgery

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...

5.3CVSS4.6AI score0.00321EPSS
Exploits1References4
CVE
CVE
added 2025/02/06 2:0 p.m.70 views

CVE-2025-1074

Webkul QloApps 1.6.1 is affected by a cross-site request forgery in the URL Handler logout function at /en/?mylogout. The vulnerability stems from the logout endpoint logic, enabling remote CSRF exploitation. Public exploit/disclosures exist and the vendor has been informed and is working on a fi...

5.3CVSS4.7AI score0.00321EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.5 views

Webkul QloApps 安全漏洞

Webkul QloApps is a hotel reservation management software from Webkul. A security vulnerability exists in Webkul QloApps version 1.6.1, which stems from a cross-site request forgery attack due to a logout feature in the file /en/?mylogout of the component URL Handler...

5.3CVSS4.8AI score0.00321EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.6 views

PT-2025-5824 · Webkul · Webkul Qloapps

Name of the Vulnerable Software and Affected Versions: Webkul QloApps version 1.6.1 Description: A problematic issue was found in Webkul QloApps, affecting the logout function of the "/en/?mylogout" endpoint in the URL Handler component. This issue leads to cross-site request forgery and can be...

5.3CVSS4.3AI score0.00321EPSS
Exploits1References11
CNNVD
CNNVD
added 2024/10/07 12:0 a.m.4 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open source CRM solution for small and medium-sized businesses from Webkul India. A security vulnerability exists in Webkul Krayin CRM v1.3.0 that stems from vulnerability to cross-site scripting XSS attacks...

7.1CVSS5.7AI score0.00397EPSS
Exploits1References3
NVD
NVD
added 2024/09/27 5:15 p.m.21 views

CVE-2024-46367

A Stored Cross-Site Scripting XSS vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...

9.6CVSS0.00502EPSS
Exploits0References1
NVD
NVD
added 2024/09/27 5:15 p.m.15 views

CVE-2024-46366

A Client-side Template Injection CSTI vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...

8.8CVSS0.00502EPSS
Exploits0References1
CVE
CVE
added 2024/09/27 12:0 a.m.61 views

CVE-2024-46366

Webkul Krayin CRM 1.3.0 is affected by a Client-side Template Injection (CSTI) vulnerability during lead creation, allowing an attacker to inject malicious template code and potentially escalate privileges within the CRM. No exploit details are provided in the available documents. The Red Hat PT ...

8.8CVSS8.3AI score0.00502EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.7 views

PT-2024-31971 · Webkul · Webkul Krayin Crm

Name of the Vulnerable Software and Affected Versions: Webkul Krayin CRM version 1.3.0 Description: A Stored Cross-Site Scripting XSS issue allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalatio...

9.6CVSS6AI score0.00502EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/09/27 12:0 a.m.5 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open source CRM solution for small and medium-sized businesses from Webkul India. A security vulnerability exists in Webkul Krayin CRM version 1.3.0, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows remote attackers to...

9.6CVSS5.8AI score0.00502EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/27 12:0 a.m.12 views

CVE-2024-46366

A Client-side Template Injection CSTI vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...

9.1AI score0.00502EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/27 12:0 a.m.12 views

CVE-2024-46367

A Stored Cross-Site Scripting XSS vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...

7.6AI score0.00502EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/27 12:0 a.m.24 views

CVE-2024-46366

A Client-side Template Injection CSTI vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...

0.00502EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/27 12:0 a.m.30 views

CVE-2024-46367

A Stored Cross-Site Scripting XSS vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...

0.00502EPSS
Exploits0References1
OSV
OSV
added 2024/09/27 12:0 a.m.5 views

CVE-2024-46367

A Stored Cross-Site Scripting XSS vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...

9.6CVSS5.5AI score0.00502EPSS
Exploits0References3
OSV
OSV
added 2024/09/27 12:0 a.m.4 views

CVE-2024-46366

A Client-side Template Injection CSTI vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the...

8.8CVSS7.7AI score0.00502EPSS
Exploits0References3
NVD
NVD
added 2024/07/25 7:15 p.m.28 views

CVE-2024-40318

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...

7.2CVSS0.01183EPSS
Exploits1References1
OSV
OSV
added 2024/07/25 7:15 p.m.11 views

CVE-2024-40318

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...

7.2CVSS7.7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.9 views

PT-2024-28804 · Webkul · Webkul Qloapps

Name of the Vulnerable Software and Affected Versions: Webkul Qloapps version 1.6.0.0 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file, due to an arbitrary file upload vulnerability. Recommendations: For Webkul Qloapps version 1.6.0.0, update to a...

7.2CVSS8.3AI score0.01183EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/07/25 12:0 a.m.22 views

CVE-2024-40318

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file...

8AI score0.01183EPSS
Exploits1References1
Rows per page
Query Builder