NotCVE - vendor:"Webkul"

Page 3 of 25 results (0.005 seconds)

CVSS: 6.4EPSS: 58%CPEs: 1EXPL: 3

CVE-2023-30256 – Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-30256

11 May 2023 — Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. Webkul Qloapps version 1.5.2 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/172542 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-41924

https://notcve.org/view.php?id=CVE-2021-41924

21 Jun 2022 — Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS). Webkul krayin crm versiones anteriores a 1.2.2, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) • https://github.com/krayin/laravel-crm/pull/195/commits/882dc2e7e7e9149b96cf1ccacf34900960b92fb7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-16403

https://notcve.org/view.php?id=CVE-2019-16403

18 Sep 2019 — In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. En Webkul Bagisto en versiones anteriores a la 0.1.5, las funcionalidades para que los clientes cambien sus propios valores (como dirección, revisión, pedidos, etc.) también pueden ser manipuladas por otros clientes. • https://github.com/bagisto/bagisto/issues/749 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-14933

https://notcve.org/view.php?id=CVE-2019-14933

11 Aug 2019 — Bagisto 0.1.5 allows CSRF under /admin URIs. Bagisto versión 0.1.5, permite un ataque de tipo CSRF bajo URIs /admin. • https://forums.bagisto.com/category/1/announcements • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 4

CVE-2010-1659 – Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2010-1659

30 Apr 2010 — Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Una vulnerabilidad de salto de directorio en el componente para Joomla! Ultimate Portfolio (com_ultimateportfolio) v1.0 permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/12426 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

1 2 3