915 matches found
CVE-2025-62418
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...
CVE-2025-62415
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...
CVE-2025-62415
Bagisto v2.3.7 contains a Cross-Site Scripting (XSS) vulnerability in the TinyMCE image upload feature. An attacker with upload privileges (e.g., an admin) can upload a crafted HTML file containing embedded JavaScript, which executes in the context of the admin or viewer’s browser when opened. Th...
CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...
CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...
CVE-2025-62418 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...
CVE-2025-62418 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...
CVE-2025-62418 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...
EUVD-2025-34810
bagisto has Cross Site Scripting XSS issue in TinyMCE Image Upload HTML...
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Summary In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details The application...
GHSA-67PX-R26W-598X bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Summary In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details The application...
Webkul Software Bagisto 安全漏洞
Webkul Software Bagisto is an open source e-commerce framework from the Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto version 2.3.7, which stems from the TinyMCE image upload feature that allows the upload of specially crafted SVG files, which could le...
Webkul Software Bagisto 安全漏洞
Webkul Software Bagisto is an open source e-commerce framework from the Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto version 2.3.7, which stems from the TinyMCE image upload feature that allows the upload of specially crafted HTML files, which could...
EUVD-2020-21953
Malware in sbrugna...
EUVD-2021-2389
Malware in sbrugna...
EUVD-2021-0519
Malware in sbrugna...
EUVD-2014-3782
Malware in sbrugna...
EUVD-2011-5047
Malware in sbrugna...
EUVD-2006-0310
Malware in sbrugna...
EUVD-2009-2039
Malware in sbrugna...