Vulnerability — CVE-2023-36288

CVE-2023-36288

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-36288
Description:: An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.
Last updated date:: 06/29/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/29/2023
Reference url to background: https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-admin-dashboard-via-configure-parameter-in-QloApps-1-6-0-b6303661ac6a47e4b7a6f23cf2818a52?pvs=4