Количество 2
Количество 2
CVE-2025-60880
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in the browser, potentially leading to session hijacking, data theft, or unauthorized actions.
GHSA-29mf-w486-v3vc
Bagisto is vulnerable to XSS through Admin Panel's product creation path
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-60880 An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in the browser, potentially leading to session hijacking, data theft, or unauthorized actions. | CVSS3: 8.3 | 0% Низкий | 6 месяцев назад |
| GHSA-29mf-w486-v3vc Bagisto is vulnerable to XSS through Admin Panel's product creation path | CVSS3: 8.3 | 0% Низкий | 6 месяцев назад |
Уязвимостей на страницу