CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Webkul: >> Bagisto >> 2.3.7 Security Vulnerabilities

CVE-2025-62418

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8.

CVSS Score

6.9

EPSS Score

0.001

Published

2025-10-16

Page 2

Vulnerabilities

Vulnerable Software

Webkul: >> Bagisto >> 2.3.7 Security Vulnerabilities

Products

Pricing

Contact Us