CVE-2023-36287: XSS
First published: Fri Jun 23 2023(Updated: )
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webkul QloApps | =1.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-36287?
CVE-2023-36287 is an unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0.
How does CVE-2023-36287 affect Webkul QloApps?
CVE-2023-36287 allows an attacker to obtain a user's session cookie and impersonate that user via POST controller parameter.
What is the severity of CVE-2023-36287?
CVE-2023-36287 has a severity level of medium, with a CVSS score of 6.1.
How can I fix CVE-2023-36287 in Webkul QloApps 1.6.0?
To fix CVE-2023-36287, update to a version of QloApps that addresses this vulnerability or apply the necessary patches provided by Webkul.
Where can I find more information about CVE-2023-36287?
You can find more information about CVE-2023-36287 at this link: [https://flashy-lemonade-192.notion.site/Cross-site-scripting-via-controller-parameter-in-QloApps-1-6-0-97e409ce164f40d195b625b9bf719900?pvs=4].
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/author
- agent/source
- vendor/webkul
- canonical/webkul qloapps
- version/webkul qloapps/1.6.0