QloApps — Vulnerabilities & Security Advisories 6

All 6 CVE vulnerabilities found in QloApps, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-25558	QloApps 1.7.0 Stored XSS via SVG File Upload in Admin File Manager CWE-79	4.8	Medium	2026-06-08
CVE-2026-25861	QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php CWE-916	5.9	Medium	2026-06-02
CVE-2025-10759	Webkul QloApps CSRF Token authorization CWE-639	5.3	Medium	2025-09-21
CVE-2025-6173	Webkul QloApps ajax_products_list.php sql injection CWE-89	4.7	Medium	2025-06-17
CVE-2025-1155	Webkul QloApps Your Location Search stores cross site scripting CWE-79	4.3	Medium	2025-02-10
CVE-2025-1074	Webkul QloApps URL mylogout cross-site request forgery CWE-352	4.3	Medium	2025-02-06

All 6 known CVE vulnerabilities affecting QloApps with full Chinese analysis, references, and POCs where available.