CVE-2026-21446 Bagisto Missing Authentication on Installer API Endpoints

Bagisto is an open source laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The underlying API endpoints /install/api/ are directly accessible and exploitable without any authentication. An attacker can...

Bagisto 跨站脚本漏洞

Bagisto is an open source e-commerce framework open sourced by Webkul Software in India. A cross-site scripting vulnerability exists in Bagisto versions prior to 2.3.10, which stems from the presence of stored cross-site scripting in the CMS page editor, which could lead to account takeover...