Количество 2
Количество 2
CVE-2025-62415
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8.
GHSA-67px-r26w-598x
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-62415 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8. | CVSS3: 6.9 | 0% Низкий | 4 месяца назад |
| GHSA-67px-r26w-598x bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML) | CVSS3: 6.9 | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу