Description
Bagisto is an open-source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When the uploaded file is viewed, the malicious code executes in the context of the admin's or user's browser. This vulnerability is fixed in 2.3.8.
References
- Exploit / Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:webkul:bagisto:2.3.7:*:*:*:*:*:*:*
EPSS
Percentile: 16%
Score: 0.00051
Severity: Low
CVSS3: 6.9 Medium
CVSS3: 4.8 Medium
Weaknesses
CWE-80
Related vulnerabilities
- CVSS3: 6.9 | github | 4 months ago | bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)