Lucene search
K

5 matches found

Veracode
Veracode
added 2025/12/13 5:45 a.m.7 views

Cross-site Scripting (XSS)

Bagisto is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation of uploaded files in the TinyMCE image upload functionality, which allows an attacker with sufficient privileges to upload a crafted HTML file containing JavaScript that executes in a user’s...

6.9CVSS5.5AI score0.00255EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/10/16 7:15 p.m.5 views

CVE-2025-62415

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

6.9CVSS0.00255EPSS
Exploits1References1
OSV
OSV
added 2025/10/16 6:36 p.m.6 views

CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...

6.9CVSS7AI score0.00255EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/10/16 6:12 p.m.8 views

bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)

Summary In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details The application...

6.9CVSS7AI score0.00255EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.4 views

Webkul Software Bagisto 安全漏洞

Webkul Software Bagisto is an open source e-commerce framework from the Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto version 2.3.7, which stems from the TinyMCE image upload feature that allows the upload of specially crafted SVG files, which could le...

6.9CVSS5.9AI score0.00255EPSS
Exploits1References2
Rows per page
Query Builder