bagisto/bagisto Security Advisories for 1.x-dev (6)
- [MEDIUM] bagisto has Cross Site Scripting (XSS) in Create New Customer
PKSA-9w6g-8v1f-df8w CVE-2025-62414 GHSA-r9xj-mvqf-jm7w
Affected version: <=2.3.7
Reported by: GitHub
- [CRITICAL] bagisto has CSV Formula Injection in Create New Product
PKSA-25zg-f27r-886n CVE-2025-62417 GHSA-jqrp-58fv-w8cq
Affected version: <=2.3.7
Reported by: GitHub
- [MEDIUM] bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
PKSA-29h4-8qhb-8hq4 CVE-2025-62418 GHSA-fg89-g389-p346
Affected version: <=2.3.7
Reported by: GitHub
- [MEDIUM] bagisto has Server Side Template Injection (SSTI) in Product Description
PKSA-tfym-n9wv-r1z9 CVE-2025-62416 GHSA-527q-4wqv-g9wj
Affected version: <=2.3.7
Reported by: GitHub
- [MEDIUM] bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
PKSA-wxrw-qyv9-p442 CVE-2025-62415 GHSA-67px-r26w-598x
Affected version: <=2.3.7
Reported by: GitHub
- [MEDIUM] Bagisto Cross-site Scripting vulnerability
PKSA-77rb-vgws-7fh6 CVE-2024-27499 GHSA-w5mx-334j-6fwv
Affected version: <2.1.0
Reported by: GitHub