
217 matches found

Nuclei
added yesterday, 34 views

QloApps 1.6.0 - SQL Injection

An unauthenticated time-based SQL injection found in Webkul QloApps 1.6.0 via GET parameters date_from, date_to, and id_product allows a remote attacker to retrieve the contents of an entire database. id: CVE-2023-36284 info: name: QloApps 1.6.0 - SQL Injection author: ritikchaddha severity: high...

CVSS 7.5, AI score 7.2, EPSS 0.26552
Exploits: 1, References: 2

Nuclei
added yesterday, 28 views

Webkul QloApps 1.5.2 - Cross-site Scripting

Cross-Site Scripting vulnerability found in Webkul QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. id: CVE-2023-30256 info: name: Webkul QloApps 1.5.2 - Cross-site Scripting author: theamanrawat...

CVSS 6.1, AI score 6.3, EPSS 0.78127
Exploits: 5, References: 5

Nuclei
added yesterday, 23 views

Webkul QloApps 1.6.0 - Cross-site Scripting

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter. id: CVE-2023-36289 info: name: Webkul QloApps 1.6.0 - Cross-site Scripting author:...

CVSS 6.1, AI score 6.3, EPSS 0.23724
Exploits: 1, References: 3

Nuclei
added yesterday, 17 views

Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion

A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1659 info: name: Joomla! Component Ultimate Portfolio 1.0 - Local Fi...

CVSS 5, AI score 5.9, EPSS 0.03593
Exploits: 1, References: 5

Nuclei
added yesterday, 17 views

Webkul QloApps 1.6.0 - Cross-site Scripting

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter. id: CVE-2023-36287 info: name: Webkul QloApps 1.6.0 - Cross-site Scripting author: theamanrawa...

CVSS 6.1, AI score 6.3, EPSS 0.20464
Exploits: 1, References: 3

GithubExploit
added 2026/05/16 6:51 p.m., 71 views

Exploit for CVE-2026-38526

CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestr...

CVSS 9.9, AI score 6.5, EPSS 0.00024
Exploits: 2

Github Security Blog
added 2026/05/07 6:30 p.m., 6 views

Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint

A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

CVSS 5.4, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 8, Affected Software: 1

EUVD
added 2026/05/07 6:30 p.m., 4 views

EUVD-2026-28390

A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

CVSS 5.4, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 6

OSV
added 2026/05/07 6:30 p.m., 1 views

GHSA-J822-46R5-H4QX Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint

A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

CVSS 5.4, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 8

NVD
added 2026/05/07 4:16 p.m., 10 views

CVE-2026-36341

A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

CVSS 5.4, EPSS 0.00033
Exploits: 0, References: 5

ATTACKERKB
added 2026/05/07 12:00 a.m., 2 views

CVE-2026-36341

A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

CVSS 5.4, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 6

CVE
added 2026/05/07 12:00 a.m., 2 views

CVE-2026-36341

CVE-2026-36341: Webkul Krayin CRM 2.1.5 contains a Cross-Site Scripting (XSS) flaw in the comment input during Activity creation via the /admin/activities/create endpoint. The root cause is inadequate sanitization of user-supplied input in the comment field. The CVSS v3.1 base score is 5.4 (Medi...

CVSS 5.4, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 5

Vulnrichment
added 2026/05/07 12:00 a.m., 3 views

CVE-2026-36341

A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint...

AI score 5.8, EPSS 0.00033
Exploits: 0, References: 5

CNNVD
added 2026/04/30 12:00 a.m., 4 views

Webkul Krayin CRM Code Injection Vulnerability

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses developed by the Indian company Webkul. Version 2.1.5 of Webkul Krayin CRM contains a code injection vulnerability, which stems from issues with the compose email function. This vulnerability could allo...

CVSS 8.1, AI score 6.2, EPSS 0.00103
Exploits: 1, References: 1

Positive Technologies
added 2026/04/30 12:00 a.m., 3 views

PT-2026-36081

Name of the Vulnerable Software and Affected Versions: Webkul Krayin CRM version 2.1.5. Description: A Cross-Site Scripting (XSS) issue occurs due to improper sanitization of user-supplied input in the comment field during activity creation. This allows for HTML injection via the...

CVSS 5.4, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 7

CNNVD
added 2026/04/21 12:00 a.m., 4 views

Bagisto Code Issue Vulnerability

Bagisto is an open-source e-commerce framework developed by Webkul Software in India. Versions of Bagisto 2.3.15 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the copy function in the Downloadable Link Handler component, which could lead to...

CVSS 6.5, AI score 6.7, EPSS 0.00043
Exploits: 0, References: 2

EUVD
added 2026/04/14 6:30 p.m., 2 views

EUVD-2026-22296

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 9.9, AI score 6.2, EPSS 0.00024
Exploits: 2, References: 4

EUVD
added 2026/04/14 6:30 p.m., 5 views

EUVD-2026-22303

A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request...

CVSS 8.1, AI score 5.8, EPSS 0.00038
Exploits: 2, References: 3

EUVD
added 2026/04/14 6:30 p.m., 3 views

EUVD-2026-22300

A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...

CVSS 8.8, AI score 5.8, EPSS 0.00064
Exploits: 2, References: 3

OSV
added 2026/04/14 6:30 p.m., 2 views

GHSA-2XX8-J85V-J7WH Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php

A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request...

CVSS 8.1, AI score 5.8, EPSS 0.00038
Exploits: 2, References: 3