Webkul: >> Bagisto Security Vulnerabilities
A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-06-09
Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-13
Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-01
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-02-26
Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-01-16
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
CVSS Score
8.8
EPSS Score
0.004
Published
2023-06-28
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-18
Bagisto 0.1.5 allows CSRF under /admin URIs.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-11