CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-62415

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.3%

CVSS Severity

CVSS v3 Score 6.9

References

https://github.com/bagisto/bagisto/security/advisories/GHSA-67px-r26w-598x
https://github.com/bagisto/bagisto/security/advisories/GHSA-67px-r26w-598x

Products affected by CVE-2025-62415

Webkul » Bagisto » Version: 2.3.7

cpe:2.3:a:webkul:bagisto:2.3.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-62415

Products

Pricing

Contact Us