Cross Site Scripting Vulnerability in Webkul QloApps Affecting Your Location Search
CVE-2025-1155

5.3MEDIUM

Key Information:

Vendor

Webkul

Status
Qloapps
Vendor
CVE Published:
10 February 2025

What is CVE-2025-1155?

A cross site scripting vulnerability has been identified in Webkul's QloApps version 1.6.1 specifically affecting the 'Your Location Search' component. The flaw allows attackers to execute arbitrary scripts in the context of a user’s session, which can lead to session hijacking, defacement, or redirection to malicious sites. An attacker can exploit this vulnerability remotely, posing a significant risk to users interacting with the compromised feature. Future updates may include remediation strategies, and users are advised to monitor for any announcements regarding patches or workarounds.

Affected Version(s)

QloApps 1.6.1

References

https://vuldb.com/?id.295059
vdb-entry
https://vuldb.com/?ctiid.295059
signaturepermissions-required
https://vuldb.com/?submit.492777
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mahendravarman (VulDB User)
.