225 matches found
CVE-2023-36287
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter...
CVE-2023-36284
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...
CVE-2023-36287
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter...
CVE-2023-36284
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...
CVE-2023-36287
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter...
Cross site scripting
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter...
CVE-2023-36289
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...
CVE-2023-36288
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...
CVE-2023-36289
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...
CVE-2023-36288
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...
CVE-2023-36288
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...
CVE-2023-36289
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...
Cross site scripting
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...
Cross site scripting
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...
CVE-2023-36289
An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...
CVE-2023-36287
Webkul QloApps 1.6.0 is affected by an unauthenticated Cross‑Site Scripting (XSS) vulnerability. The issue enables an attacker to exfiltrate a user’s session cookie and impersonate the user via a POST controller parameter. Evidence appears in the Nuclei template for CVE-2023-36287 and mirrors oth...
PT-2023-25514 · Webkul · Webkul Qloapps
Name of the Vulnerable Software and Affected Versions: Webkul QloApps version 1.6.0 Description: The issue is related to an unauthenticated Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to obtain a user's session cookie, which can then be used to impersonate the...
CVE-2023-36284
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...
CVE-2023-36288
The CVE-2023-36288 issue affects Webkul QloApps v1.6.0 and is an unauthenticated Cross-Site Scripting (XSS) flaw in the configure parameter of a GET request. The underlying risk is that an attacker can steal a user’s session cookie and impersonate that user. There is no explicit evidence of explo...
CVE-2023-36289
Webkul QloApps 1.6.0 is affected by an unauthenticated Cross-Site Scripting (XSS) vulnerability that allows an attacker to obtain a user’s session cookie and impersonate the user via POST email_create and back parameter. Impact: potential session hijacking and user impersonation. Remediation: app...