Vulnerability Database
296,663
Total vulnerabilities in the database
CVE-2025-60880
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in the browser, potentially leading to session hijacking, data theft, or unauthorized actions.
| Software | From | Fixed in |
|---|---|---|
bagisto / bagisto
|
2.3.6 | 2.3.6.x |
|
bagisto / bagisto
|
2.3.6 | 2.3.7 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime