exploitDog

CVE-2025-40675

Опубликовано: 09 июн. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-bagisto
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webkul:bagisto:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.2.3 (исключая)

EPSS

Процентиль: 6%

0.00025

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-v7mq-jjjq-c7p3

CVSS3: 6.1

github

8 месяцев назад

A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

EPSS

Процентиль: 6%

0.00025

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79