Webkul

Bagisto

14 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.05%
  • Published 16.10.2025 18:36:51
  • Last modified 22.10.2025 17:21:31

Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the ...

Exploit
  • EPSS 0.05%
  • Published 16.10.2025 18:35:06
  • Last modified 22.10.2025 16:55:04

Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the m...

Exploit
  • EPSS 0.05%
  • Published 16.10.2025 18:33:03
  • Last modified 22.10.2025 17:21:50

Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the "Create New Customer" feature (in the admin panel) is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject maliciou...

Exploit
  • EPSS 0.17%
  • Published 16.10.2025 18:32:55
  • Last modified 22.10.2025 17:06:55

Bagisto is an open source Laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This a...

Exploit
  • EPSS 0.14%
  • Published 16.10.2025 18:32:45
  • Last modified 22.10.2025 17:00:09

Bagisto is an open source Laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadshee...

Exploit
  • EPSS 0.13%
  • Published 09.10.2025 00:00:00
  • Last modified 30.10.2025 14:30:40

An issue in WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint; specifically, the price calculation logic fails to validate quantity inputs properly.

  • EPSS 0.02%
  • Published 09.06.2025 09:42:18
  • Last modified 06.10.2025 19:55:19

A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/sea...

Exploit
  • EPSS 0.15%
  • Published 13.03.2024 21:15:53
  • Last modified 14.04.2025 13:13:25

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter.

Exploit
  • EPSS 0.07%
  • Published 01.03.2024 16:15:46
  • Last modified 11.08.2025 16:15:29

Bagisto v1.5.1 is vulnerable to Cross-Site Scripting (XSS) via a PNG file upload vulnerability in the product review option.

Exploit
  • EPSS 0.18%
  • Published 26.02.2024 22:15:06
  • Last modified 11.04.2025 20:20:35

Cross-Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script.