Lucene search
K

225 matches found

ATTACKERKB
ATTACKERKB
added 2023/06/23 4:15 p.m.4 views

CVE-2023-36287

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter...

6.1CVSS6.4AI score0.01199EPSS
Exploits1References3
NVD
NVD
added 2023/06/23 4:15 p.m.15 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

7.5CVSS8.1AI score0.03157EPSS
Exploits1References1
NVD
NVD
added 2023/06/23 4:15 p.m.29 views

CVE-2023-36287

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter...

6.1CVSS6AI score0.01199EPSS
Exploits1References1
OSV
OSV
added 2023/06/23 4:15 p.m.13 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

7.5CVSS8.6AI score
Exploits0References1
OSV
OSV
added 2023/06/23 4:15 p.m.12 views

CVE-2023-36287

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter...

6.1CVSS6AI score
Exploits0References1
Prion
Prion
added 2023/06/23 4:15 p.m.25 views

Cross site scripting

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter...

5.8CVSS5.9AI score0.01199EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2023/06/23 3:15 p.m.19 views

CVE-2023-36289

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...

6.1CVSS6AI score0.01169EPSS
Exploits1References1
NVD
NVD
added 2023/06/23 3:15 p.m.19 views

CVE-2023-36288

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...

5.4CVSS5.3AI score0.00444EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/06/23 3:15 p.m.7 views

CVE-2023-36289

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...

6.1CVSS6.4AI score0.01169EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/06/23 3:15 p.m.5 views

CVE-2023-36288

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...

5.4CVSS6AI score0.00444EPSS
Exploits1References2
OSV
OSV
added 2023/06/23 3:15 p.m.15 views

CVE-2023-36288

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...

5.4CVSS6AI score
Exploits0References1
OSV
OSV
added 2023/06/23 3:15 p.m.7 views

CVE-2023-36289

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...

6.1CVSS6AI score
Exploits0References1
Prion
Prion
added 2023/06/23 3:15 p.m.21 views

Cross site scripting

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...

5.8CVSS5.9AI score0.01169EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/06/23 3:15 p.m.14 views

Cross site scripting

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter...

4.9CVSS5.3AI score0.00444EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/23 12:0 a.m.10 views

CVE-2023-36289

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter...

6AI score0.01169EPSS
Exploits1References1
CVE
CVE
added 2023/06/23 12:0 a.m.64 views

CVE-2023-36287

Webkul QloApps 1.6.0 is affected by an unauthenticated Cross‑Site Scripting (XSS) vulnerability. The issue enables an attacker to exfiltrate a user’s session cookie and impersonate the user via a POST controller parameter. Evidence appears in the Nuclei template for CVE-2023-36287 and mirrors oth...

6.1CVSS5.9AI score0.01199EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.8 views

PT-2023-25514 · Webkul · Webkul Qloapps

Name of the Vulnerable Software and Affected Versions: Webkul QloApps version 1.6.0 Description: The issue is related to an unauthenticated Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to obtain a user's session cookie, which can then be used to impersonate the...

6.1CVSS6AI score0.01169EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/23 12:0 a.m.19 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

8.3AI score0.03157EPSS
Exploits1References1
CVE
CVE
added 2023/06/23 12:0 a.m.50 views

CVE-2023-36288

The CVE-2023-36288 issue affects Webkul QloApps v1.6.0 and is an unauthenticated Cross-Site Scripting (XSS) flaw in the configure parameter of a GET request. The underlying risk is that an attacker can steal a user’s session cookie and impersonate that user. There is no explicit evidence of explo...

5.4CVSS5.3AI score0.00444EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/06/23 12:0 a.m.65 views

CVE-2023-36289

Webkul QloApps 1.6.0 is affected by an unauthenticated Cross-Site Scripting (XSS) vulnerability that allows an attacker to obtain a user’s session cookie and impersonate the user via POST email_create and back parameter. Impact: potential session hijacking and user impersonation. Remediation: app...

6.1CVSS5.9AI score0.01169EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder