CVE-2025-62415
Bagisto v2.3.7 contains a Cross-Site Scripting (XSS) vulnerability in the TinyMCE image upload feature. An attacker with upload privileges (e.g., an admin) can upload a crafted HTML file containing embedded JavaScript, which executes in the context of the admin or viewer’s browser when opened. Th...