Filtered by vendor Webkul
Subscribe
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37636 | 1 Webkul | 1 Uvdesk | 2023-10-30 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. | |||||
| CVE-2023-39147 | 1 Webkul | 1 Uvdesk | 2023-08-04 | N/A | 7.8 HIGH |
| An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | |||||
| CVE-2023-36284 | 1 Webkul | 1 Qloapps | 2023-06-30 | N/A | 7.5 HIGH |
| An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. | |||||
| CVE-2023-36287 | 1 Webkul | 1 Qloapps | 2023-06-29 | N/A | 6.1 MEDIUM |
| An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter. | |||||
| CVE-2023-36288 | 1 Webkul | 1 Qloapps | 2023-06-29 | N/A | 5.4 MEDIUM |
| An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter. | |||||
| CVE-2023-36289 | 1 Webkul | 1 Qloapps | 2023-06-29 | N/A | 6.1 MEDIUM |
| An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter. | |||||
| CVE-2021-41924 | 1 Webkul | 1 Krayin | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2019-16403 | 1 Webkul | 1 Bagisto | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | |||||
| CVE-2019-14933 | 1 Webkul | 1 Bagisto | 2019-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| Bagisto 0.1.5 allows CSRF under /admin URIs. | |||||
| CVE-2010-1659 | 2 Joomla, Webkul | 2 Joomla\!, Com Ultimateportfolio | 2017-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||