CVE-2025-1155: Webkul QloApps Your Location Search stores cross site scripting
First published: Mon Feb 10 2025(Updated: )
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove this page in the long term.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QloApps |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1155?
CVE-2025-1155 is classified as problematic due to its cross site scripting capabilities.
How do I fix CVE-2025-1155?
To fix CVE-2025-1155, ensure to sanitize and validate user inputs in the Your Location Search component.
What impact does CVE-2025-1155 have on Webkul QloApps?
CVE-2025-1155 allows attackers to potentially execute arbitrary scripts in the context of a user's session.
Is remote exploitation possible with CVE-2025-1155?
Yes, CVE-2025-1155 can be exploited remotely, enabling threats from untrusted sources.
Which version of Webkul QloApps is affected by CVE-2025-1155?
CVE-2025-1155 affects Webkul QloApps version 1.6.1.
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/source
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/webkul
- canonical/qloapps