Qloapps Security Vulnerabilities and Issues — Qloapps CVE List

cve

CVE-2023-30256

Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.

6.1CVSS

5.8AI Score

0.011EPSS

2023-05-11 11:15 AM

22

cve

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.

7.5CVSS

8.1AI Score

0.005EPSS

2023-06-23 04:15 PM

13

cve

CVE-2023-36287

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2023-06-23 04:15 PM

21

cve

CVE-2023-36288

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.

5.4CVSS

5.3AI Score

0.001EPSS

2023-06-23 03:15 PM

26

cve

CVE-2023-36289

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2023-06-23 03:15 PM

31

Qloapps Security Vulnerabilities - 2023