Количество 2
Количество 2
CVE-2025-62418
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8.
GHSA-fg89-g389-p346
bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-62418 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8. | CVSS3: 6.9 | 0% Низкий | 4 месяца назад |
| GHSA-fg89-g389-p346 bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG) | CVSS3: 6.9 | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу