CVE-2025-26058

Published Feb 18, 2025

Last updated 2 months ago

CVSS medium 4.2

Overview

Description: Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.
Source: cve@mitre.org
NVD status: Analyzed
Products: qloapps

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.2
Impact score: 3.4
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-598

Hype score: Not currently trending

CVE-2025-26058 Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends se… https://t.co/o70PKJibKc
@CVEnew
18 Feb 2025
153 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webkul:qloapps:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A58133B7-029B-4E77-8470-C28C0F8CBC35"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.