Unrated severityNVD Advisory· Published Jun 23, 2023· Updated Nov 29, 2024
CVE-2023-36288
CVE-2023-36288
Description
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.