Unauthenticated Cross-Site Scripting Vulnerability in Webkul QloApps
CVE-2023-36289
6.1 MEDIUM
What is CVE-2023-36289?
An unauthenticated Cross-Site Scripting vulnerability in Webkul QloApps version 1.6.0 allows attackers to inject malicious scripts into the application. An attacker can use this flaw to obtain users' session cookies, potentially facilitating user impersonation. The attack is carried out through POST requests, using the 'email_create' and 'back' parameters, and poses significant risks to user security and data integrity.
