7 matches found
CVE-2025-62416
Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privilege...
EUVD-2025-34816
bagisto has Server Side Template Injection SSTI in Product Description...
bagisto has Server Side Template Injection (SSTI) in Product Description
Summary Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions tha...
CVE-2025-62416
Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privilege...
CVE-2025-62416 bagisto - Server Side Template Injection (SSTI) in Product Description
Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privilege...
CVE-2025-62416
Bagisto v2.3.7 is affected by Server-Side Template Injection (SSTI) in product descriptions due to unsanitized user input being rendered by Laravel Blade. With product-creation privileges, an attacker can inject template expressions that the backend evaluates, potentially enabling Remote Code Exe...
Grocy Cross-Site Scripting Vulnerability
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting XSS vulnerability in the product description component of the api/stock/products endpoint. An...