Vulnerability Database

Published: Mar 1, 2024
Updated: May 4, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-27499" target="_blank" rel="noopener"> CVE-2024-27499
GHSA: <a href="https://github.com/advisories/GHSA-w5mx-334j-6fwv" target="_blank" rel="noopener"> GHSA-w5mx-334j-6fwv
Severity: Medium
Exploit:

296,663

Total vulnerabilities in the database

Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option.

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
bagisto / bagisto	-	2.1.0
webkul / bagisto	1.5.1	1.5.1.x

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.