Cross Site Scripting Vulnerability in Webkul QloApps Affecting Your Location Search
CVE-2025-1155

5.3MEDIUM

Key Information:

Vendor: Webkul
Status: Qloapps
Vendor: CVE Published:; 10 February 2025

What is CVE-2025-1155?

A cross site scripting vulnerability has been identified in Webkul's QloApps version 1.6.1 specifically affecting the 'Your Location Search' component. The flaw allows attackers to execute arbitrary scripts in the context of a user’s session, which can lead to session hijacking, defacement, or redirection to malicious sites. An attacker can exploit this vulnerability remotely, posing a significant risk to users interacting with the compromised feature. Future updates may include remediation strategies, and users are advised to monitor for any announcements regarding patches or workarounds.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch