Vulnerabilities > Webkul
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-23 | CVE-2023-36287 | Cross-site Scripting vulnerability in Webkul Qloapps 1.6.0 An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter. | 6.1 |
| 2023-06-23 | CVE-2023-36288 | Cross-site Scripting vulnerability in Webkul Qloapps 1.6.0 An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter. | 5.4 |
| 2023-06-23 | CVE-2023-36289 | Cross-site Scripting vulnerability in Webkul Qloapps 1.6.0 An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter. | 6.1 |
| 2023-05-27 | CVE-2023-2925 | Cross-site Scripting vulnerability in Webkul Krayin CRM 1.2.4 A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. | 5.4 |
| 2023-05-11 | CVE-2023-30256 | Cross-site Scripting vulnerability in Webkul Qloapps 1.5.2 Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. | 6.1 |
| 2022-06-21 | CVE-2021-41924 | Cross-site Scripting vulnerability in Webkul Krayin Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
| 2019-09-18 | CVE-2019-16403 | Authorization Bypass Through User-Controlled Key vulnerability in Webkul Bagisto In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | 8.8 |
| 2019-08-11 | CVE-2019-14933 | Cross-Site Request Forgery (CSRF) vulnerability in Webkul Bagisto 0.1.5 Bagisto 0.1.5 allows CSRF under /admin URIs. | 8.8 |