Lucene search
K

269 matches found

CVE
CVE
added 6 days ago9 views

CVE-2026-60120

Bagisto CVE-2026-60120 affects Bagisto before 2.4.4. It is a stored XSS via client-side template injection: an unauthenticated attacker registers a customer with malicious payload in the first or last name, causing the Create Order page to render in administrator browsers and execute arbitrary Ja...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42694

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-60120 Bagisto < 2.4.4 Stored XSS via CSTI in create.blade.php

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS0.00201EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-60120

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.13 views

CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/08 11:19 a.m.3 views

Directory Traversal

Overview bagisto/bagisto is a hand tailored E-Commerce framework designed on some opensource technologies such as Laravel a PHP framework, Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Directory Traversal via ImageCacheController component. An...

8.7CVSS6.5AI score0.00455EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 10:16 a.m.14 views

CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS0.00455EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 9:28 a.m.7 views

CVE-2026-9506 Path Traversal Vulnerability in Bagisto

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 9:28 a.m.6 views

CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/08 9:28 a.m.44 views

CVE-2026-9506 Path Traversal Vulnerability in Bagisto

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS0.00455EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 9:28 a.m.40 views

CVE-2026-9506

The CVE-2026-9506 issue affects Bagisto in the ImageCacheController where improper validation of user-supplied input enables path traversal via the filename parameter. This unauthenticated remote attacker could read arbitrary sensitive files outside the intended directory, as stated in the connec...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.17 views

PT-2026-47266

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Bagisto 路径遍历漏洞

Bagisto is an open-source e-commerce framework developed by Webkul Software in India. Bagisto has a path traversal vulnerability. This vulnerability stems from improper validation of user inputs in the ImageCacheController component. It allows unauthenticated remote attackers to send specially...

8.7CVSS5.4AI score0.00455EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.12 views

CVE-2026-6745

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...

5.1CVSS4.1AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 p.m.8 views

CVE-2026-6744

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/22 5:6 p.m.10 views

Server-side Request Forgery (SSRF)

Overview bagisto/bagisto is a hand tailored E-Commerce framework designed on some opensource technologies such as Laravel a PHP framework, Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the copy function of the...

6.5CVSS6.6AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 9:31 p.m.10 views

EUVD-2026-24241

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/21 9:31 p.m.8 views

EUVD-2026-24243

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References5
OSV
OSV
added 2026/04/21 9:31 p.m.7 views

GHSA-65FP-7G2V-658R Bagisto affected by Cross-site Scripting

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/21 9:31 p.m.11 views

Bagisto affected by Cross-site Scripting

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder