bagisto/bagisto Security Advisories for v0.1.4-BETA3 (11)
-
[MEDIUM] bagisto has Cross Site Scripting (XSS) in Create New Customer
PKSA-9w6g-8v1f-df8w CVE-2025-62414 GHSA-r9xj-mvqf-jm7w
Affected version: <=2.3.7
Reported by: GitHub
-
[CRITICAL] bagisto has CSV Formula Injection in Create New Product
PKSA-25zg-f27r-886n CVE-2025-62417 GHSA-jqrp-58fv-w8cq
Affected version: <=2.3.7
Reported by: GitHub
-
[MEDIUM] bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
PKSA-29h4-8qhb-8hq4 CVE-2025-62418 GHSA-fg89-g389-p346
Affected version: <=2.3.7
Reported by: GitHub
-
[MEDIUM] bagisto has Server Side Template Injection (SSTI) in Product Description
PKSA-tfym-n9wv-r1z9 CVE-2025-62416 GHSA-527q-4wqv-g9wj
Affected version: <=2.3.7
Reported by: GitHub
-
[MEDIUM] bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
PKSA-wxrw-qyv9-p442 CVE-2025-62415 GHSA-67px-r26w-598x
Affected version: <=2.3.7
Reported by: GitHub
-
[MEDIUM] Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
PKSA-wb8p-jgfr-t7k3 CVE-2023-36238 GHSA-pmc7-hmmw-g96q
Affected version: <1.3.2
Reported by: GitHub
-
[MEDIUM] Bagisto Cross-site Scripting vulnerability
PKSA-77rb-vgws-7fh6 CVE-2024-27499 GHSA-w5mx-334j-6fwv
Affected version: <2.1.0
Reported by: GitHub
-
[HIGH] Bagisto Cross-Site Request Forgery vulnerability
PKSA-w4jp-j8db-3n21 CVE-2023-36237 GHSA-7p7q-fjfw-v3gf
Affected version: <1.3.2
Reported by: GitHub
-
[MEDIUM] Cross-site Scripting in Bagisto
PKSA-8qxk-cvft-wh5z CVE-2023-36236 GHSA-c962-g533-823f
Affected version: <1.3.2
Reported by: GitHub
-
[HIGH] Bagisto CSRF Vulnerability
PKSA-snz4-ktkv-sv86 CVE-2019-14933 GHSA-pgwp-f3xh-m24g
Affected version: <0.1.5
Reported by: GitHub
-
[MEDIUM] Authorization Bypass Through User-Controlled Key in Bagisto
PKSA-m35w-k2t4-s1nv CVE-2019-16403 GHSA-pwrf-q7h8-jjr7
Affected version: <0.1.5
Reported by: GitHub
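The list above is only useful once it is matched against the version actually deployed, and the page's own subject version, v0.1.4-BETA3, is a pre-release, which is exactly where naive string comparison goes wrong ("0.1.4-BETA3" must sort below "0.1.5" and, more subtly, "0.1.5-beta1" must still satisfy "<0.1.5"). The following is an added example, not code from the bagisto project or from the advisory database: it transcribes the eleven entries above into a table and implements a small, hypothetical version matcher that understands only the two constraint forms that appear here ("<X" and "<=X"), ordering a pre-release before its bare release the way Composer does.

```python
"""Match an installed bagisto version against the advisory list above.

Added example; the ADVISORIES table is transcribed from the page, while
parse_version/matches/applicable are a simplified, hypothetical matcher
(assumption: only "<X" and "<=X" constraints, pre-release sorts before
the final release). It is not the project's or Packagist's own code.
"""
import re

# Transcribed from the advisory list above: (CVE, short title, constraint).
ADVISORIES = [
    ("CVE-2025-62414", "XSS in Create New Customer", "<=2.3.7"),
    ("CVE-2025-62417", "CSV Formula Injection in Create New Product", "<=2.3.7"),
    ("CVE-2025-62418", "XSS in TinyMCE Image Upload (SVG)", "<=2.3.7"),
    ("CVE-2025-62416", "SSTI in Product Description", "<=2.3.7"),
    ("CVE-2025-62415", "XSS in TinyMCE Image Upload (HTML)", "<=2.3.7"),
    ("CVE-2023-36238", "Insecure Direct Object Reference (IDOR)", "<1.3.2"),
    ("CVE-2024-27499", "Cross-site Scripting", "<2.1.0"),
    ("CVE-2023-36237", "Cross-Site Request Forgery", "<1.3.2"),
    ("CVE-2023-36236", "Cross-site Scripting", "<1.3.2"),
    ("CVE-2019-14933", "CSRF", "<0.1.5"),
    ("CVE-2019-16403", "Authorization Bypass Through User-Controlled Key", "<0.1.5"),
]

# Optional leading "v", dotted numeric core, optional "-<pre-release>" suffix.
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:-([0-9A-Za-z.]+))?$")
# Only the constraint operators that occur on this page are supported.
_CONSTRAINT_RE = re.compile(r"^(<=|<)\s*(\S+)$")


def parse_version(text):
    """Return a sortable key: (numeric parts padded to 3, release flag, pre).

    A pre-release such as 0.1.4-BETA3 gets release flag 0 so that it sorts
    below the bare 0.1.4 (flag 1), matching Composer/semver ordering.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))  # "2.3" -> (2, 3, 0)
    pre = m.group(2)
    if pre is None:
        return (nums, 1, "")
    return (nums, 0, pre.lower())


def matches(installed, constraint):
    """True if `installed` satisfies the affected-version `constraint`."""
    m = _CONSTRAINT_RE.match(constraint.strip())
    if not m:
        raise ValueError("unsupported constraint: %r" % constraint)
    op, bound = m.groups()
    a, b = parse_version(installed), parse_version(bound)
    return a < b if op == "<" else a <= b


def applicable(installed):
    """CVE identifiers from ADVISORIES whose affected range covers `installed`."""
    return [cve for cve, _title, rng in ADVISORIES if matches(installed, rng)]


if __name__ == "__main__":
    # The page's own subject version: a pre-release below every bound listed.
    for v in ("v0.1.4-BETA3", "0.1.5", "1.3.2", "2.3.7", "2.3.8"):
        hits = applicable(v)
        print("%-12s %2d advisories apply: %s" % (v, len(hits), ", ".join(hits)))
```

Running it shows that v0.1.4-BETA3 is inside all eleven ranges, that 0.1.5 drops only the two 2019 advisories, and that 2.3.8 is the first version outside every range on the page. Note that the two 2019 advisories are listed against "<0.1.5", so a 0.1.5 pre-release is still affected: the matcher's pre-release ordering is what makes that case come out right.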