Vulnerabilities
Vulnerable Software
Webkul: Security Vulnerabilities
Krayin CRM v1.3.0 is vulnerable to Cross-Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.
CVSS Score: 4.8 | EPSS Score: 0.0 | Published: 2024-10-07
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2024-09-27
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.
CVSS Score: 9.6 | EPSS Score: 0.003 | Published: 2024-09-27
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS Score: 7.2 | EPSS Score: 0.104 | Published: 2024-07-25
Insecure Direct Object Reference (IDOR) in Bagisto v1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-03-13
Bagisto v1.5.1 is vulnerable to Cross-Site Scripting (XSS) via a PNG file upload in the product review option.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-03-01
Cross-Site Request Forgery vulnerability in Bagisto before v1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2024-02-26
SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameter in the UpdateProductQuantity function.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2024-01-23
An issue in Webkul Qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-01-17
Cross-Site Scripting vulnerability in Webkul Bagisto v1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file upload.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2024-01-16
Shodan ® - All rights reserved