CVE-2026-60120
Bagisto CVE-2026-60120 affects Bagisto before 2.4.4. It is a stored XSS via client-side template injection: an unauthenticated attacker registers a customer with malicious payload in the first or last name, causing the Create Order page to render in administrator browsers and execute arbitrary Ja...