Bagisto has HTML Filter Bypass that Enables Stored XSS

Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize `<script>` tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be stored in the CMS content and executed whenever the page is viewed or edited. This exposes administrators to a high-severity risk, including complete account takeover, backend hijacking, and malicious script execution. Version 2.3.10 fixes the issue.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Bagisto 跨站脚本漏洞

Bagisto是印度Webkul Software开源的一套开源的电子商务框架。 Bagisto 2.3.10之前版本存在跨站脚本漏洞，该漏洞源于CMS页面编辑器存在存储型跨站脚本，可能导致账户接管。

N/A

N/A