2 matches found
CVE-2023-36289
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...
CVE-2023-36289
Webkul QloApps 1.6.0 is affected by an unauthenticated Cross-Site Scripting (XSS) vulnerability that allows an attacker to obtain a user’s session cookie and impersonate the user via POST email_create and back parameter. Impact: potential session hijacking and user impersonation. Remediation: app...