CVE-2023-36289: XSS
First published: Fri Jun 23 2023(Updated: )
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webkul QloApps | =1.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-36289.
What is the severity of CVE-2023-36289?
The severity of CVE-2023-36289 is medium (6.1).
What is affected by CVE-2023-36289?
Webkul QloApps version 1.6.0 is affected by CVE-2023-36289.
How does CVE-2023-36289 work?
CVE-2023-36289 is an unauthenticated Cross-Site Scripting (XSS) vulnerability that allows an attacker to obtain a user's session cookie and impersonate the user via POST email_create and back parameter.
Is there a fix available for CVE-2023-36289?
Currently, there is no known fix available for CVE-2023-36289. It is recommended to follow secure coding practices and consider upgrading to a newer version of Webkul QloApps if one becomes available.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/webkul
- canonical/webkul qloapps
- version/webkul qloapps/1.6.0