CVE-2025-1155

Webkul QloApps Your Location Search stores cross site scripting

CVSS 5.3 MEDIUMEPSS 0.5%CWE-79 CWE-94

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 fev 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove this page in the long term.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Webkul · QloApps

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/mano257200/Qloapp-XSS-Vulnerability/tree/main https://vuldb.com/?ctiid.295059 https://vuldb.com/?id.295059 https://vuldb.com/?submit.492777