Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Bagisto — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Bagisto, with AI-generated Chinese analysis, references, and POCs.

Vendor: Bagisto

CVE IDTitleCVSSSeverityPaused
CVE-2026-6745 Bagisto Custom Scripts cross site scripting CWE-79 3.5 Low2026-04-21
CVE-2026-6744 Bagisto Downloadable Link copy server-side request forgery CWE-918 6.3 Medium2026-04-21
CVE-2026-21450 Bagisto has SSTI in parameter that can lead to RCE CWE-1336 9.8 -2026-01-02
CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS CWE-79 5.4 -2026-01-02
CVE-2026-21449 Bagisto has SSTI via first and last name from low-privilege user (not admin) CWE-1336 9.9 -2026-01-02
CVE-2026-21448 Bagisto has Normal & Blind SSTI from low-privilege user when ordering product CWE-1336 8.8 -2026-01-02
CVE-2026-21447 Bagisto has IDOR in Customer Order Reorder Functionality CWE-284 7.1 High2026-01-02
CVE-2026-21446 Bagisto Missing Authentication on Installer API Endpoints CWE-306 9.8 -2026-01-02
CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML) CWE-80 6.9 Medium2025-10-16
CVE-2025-62418 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG) CWE-80 6.9 Medium2025-10-16
CVE-2025-62414 bagisto - Cross Site Scripting (XSS) in Create New Customer CWE-80 6.9 Medium2025-10-16
CVE-2025-62416 bagisto - Server Side Template Injection (SSTI) in Product Description CWE-94 5.1 Medium2025-10-16
CVE-2025-62417 bagisto - CSV Formula Injection in Create New Product CWE-1236 7.8AIHighAI2025-10-16
CVE-2025-40675 Reflected Cross-Site Scripting (XSS) in Bagisto CWE-79 6.1AIMediumAI2025-06-09

All 14 known CVE vulnerabilities affecting Bagisto with full Chinese analysis, references, and POCs where available.