Webkul Bagisto 2.3.6
cpe:2.3:a:webkul:bagisto:2.3.6:*:*:*:*:*:*:*
part: a version: 2.3.6 update: *
| Vendor | Webkul (08ad6940-8efb-5f93-af42-cb470e3ac46e) |
|---|---|
| Product | Bagisto (c027c149-cff7-5719-8b92-91afba0e0481) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:bitbucket/zaid1102/bagisto | purl2cpe | 2026-06-01 10:12:35.207319 |
| pkg:github/bagisto/bagisto | purl2cpe | 2026-06-01 10:12:35.207320 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-60880 | vulnerable | 2026-06-08 07:37:27.401822 | Details available. HIGH (8.3). An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in the browser, potentially leading to session hijacking, data theft, or unauthorized actions. Published: 2025-10-10T00:00:00.000Z. Updated: 2025-10-17T16:49:39.186Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-56426 | vulnerable | 2026-06-08 07:33:15.622950 | Details available. An issue in WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint; specifically, the price calculation logic fails to validate quantity inputs properly. Published: 2025-10-09T00:00:00.000Z. Updated: 2025-10-09T19:10:53.669Z | Imported from gcve-enriched-dumps CVE data |