Unauthenticated Cross-Site Scripting Vulnerability in Webkul QloApps
CVE-2023-36289
6.1MEDIUM
Summary
An unauthenticated Cross-Site Scripting vulnerability in Webkul QloApps version 1.6.0 enables attackers to exploit the application by injecting malicious scripts. This flaw allows attackers to obtain users' session cookies, potentially facilitating user impersonation. The attack can be executed through the 'POST' requests made via the 'email_create' and 'back' parameters, posing significant risks to user security and data integrity.
References
EPSS Score
17% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved