Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webkul vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-36287
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an malicious user to obtain a user's session cookie and then impersonate that user via POST controller parameter.
Webkul Qloapps 1.6.0
5.4
CVSSv3
CVE-2023-36288
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an malicious user to obtain a user's session cookie and then impersonate that user via GET configure parameter.
Webkul Qloapps 1.6.0
6.1
CVSSv3
CVE-2023-36289
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an malicious user to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.
Webkul Qloapps 1.6.0
8.8
CVSSv3
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
Webkul Bagisto 1.5.1
5.4
CVSSv3
CVE-2023-2925
A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting...
Webkul Krayin Crm 1.2.4
9.8
CVSSv3
CVE-2023-51210
SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote malicious user to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function.
Webkul Bundle Product 6.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2