[MEDIUM] Bagisto has HTML Filter Bypass that Enables Stored XSS

PKSA-441j-tpq7-k5ms CVE-2026-21451 GHSA-2mwc-h2mg-v6p8

Affected package: bagisto/bagisto

Affected version: <2.3.10

Reported by:
GitHub