CVE-2025-1155

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove this page in the long term.

CVSS v3 4.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/mano257200/Qloapp-XSS-Vulnerability/tree/main	Exploit Third Party Advisory
https://vuldb.com/?ctiid.295059	Permissions Required VDB Entry
https://vuldb.com/?id.295059	Third Party Advisory VDB Entry
https://vuldb.com/?submit.492777	Third Party Advisory VDB Entry
https://github.com/mano257200/Qloapp-XSS-Vulnerability/tree/main	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:webkul:qloapps:1.6.1:*:*:*:*:*:*:*

History

20 Jun 2025, 17:02

Type	Values Removed	Values Added
References	~~() https://github.com/mano257200/Qloapp-XSS-Vulnerability/tree/main -~~	() https://github.com/mano257200/Qloapp-XSS-Vulnerability/tree/main - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.295059 -~~	() https://vuldb.com/?ctiid.295059 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.295059 -~~	() https://vuldb.com/?id.295059 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.492777 -~~	() https://vuldb.com/?submit.492777 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:a:webkul:qloapps:1.6.1:::::::*
First Time		Webkul Webkul qloapps
Summary		(es) En Webkul QloApps 1.6.1 se ha detectado una vulnerabilidad clasificada como problemática que afecta a una parte desconocida del archivo /stores del componente Your Location Search. La manipulación provoca cross site scripting. Es posible iniciar el ataque de forma remota. Está previsto eliminar esta página a largo plazo.

10 Feb 2025, 21:15

Type	Values Removed	Values Added
References	~~() https://github.com/mano257200/Qloapp-XSS-Vulnerability/tree/main -~~	() https://github.com/mano257200/Qloapp-XSS-Vulnerability/tree/main -

10 Feb 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-10 20:15

Updated : 2025-06-20 17:02

NVD link : CVE-2025-1155

Mitre link : CVE-2025-1155

CVE.ORG link : CVE-2025-1155

JSON object : View

Products Affected

webkul

qloapps

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2025-1155

4.3^/10

5.0^/10

Attach tags to `CVE-2025-1155`