Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/10/17 6:44 p.m.16 views

CVE-2025-62416

Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privilege...

6.8CVSS7.6AI score0.00369EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/16 8:28 p.m.7 views

EUVD-2025-34816

bagisto has Server Side Template Injection SSTI in Product Description...

5.1CVSS6.7AI score0.00369EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/10/16 8:28 p.m.13 views

bagisto has Server Side Template Injection (SSTI) in Product Description

Summary Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions tha...

6.8CVSS8.1AI score0.00369EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/10/16 7:15 p.m.5 views

CVE-2025-62416

Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privilege...

6.8CVSS0.00369EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/16 6:32 p.m.4 views

CVE-2025-62416 bagisto - Server Side Template Injection (SSTI) in Product Description

Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection SSTI due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privilege...

5.1CVSS7.2AI score0.00369EPSS
Exploits1References1
CVE
CVE
added 2025/10/16 6:32 p.m.17 views

CVE-2025-62416

Bagisto v2.3.7 is affected by Server-Side Template Injection (SSTI) in product descriptions due to unsanitized user input being rendered by Laravel Blade. With product-creation privileges, an attacker can inject template expressions that the backend evaluates, potentially enabling Remote Code Exe...

6.8CVSS7.2AI score0.00369EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.4 views

Grocy Cross-Site Scripting Vulnerability

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A cross-site scripting vulnerability exists in Grocy version v.4.0.3, which stems from a cross-site scripting XSS vulnerability in the product description component of the api/stock/products endpoint. An...

5.4CVSS6.3AI score0.00666EPSS
Exploits1References4
Rows per page
Query Builder