CVE-2025-1155

Name of the Vulnerable Software and Affected Versions Webkul QloApps version 1.6.1

Description A problematic vulnerability was found in Webkul QloApps, affecting an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The issue is planned to be addressed by removing the affected page in the long term.

Recommendations For Webkul QloApps version 1.6.1, consider restricting access to the /stores component of Your Location Search until a fix is available. As a temporary workaround, disabling the affected part of the Your Location Search component may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.