Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bagisto vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-36236
Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an malicious user to execute arbitrary code via a crafted SVG file uplad.
Webkul Bagisto
8.8
CVSSv3
CVE-2019-16403
In Webkul Bagisto prior to 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
Webkul Bagisto
8.8
CVSSv3
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
Webkul Bagisto 1.5.1
8.8
CVSSv3
CVE-2019-14933
Bagisto 0.1.5 allows CSRF under /admin URIs.
Webkul Bagisto 0.1.5
NA
CVE-2024-27499
Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option.
NA
CVE-2023-36238
Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an malicious user to obtain sensitive information via the invoice ID parameter.
NA
CVE-2023-36237
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an malicious user to execute arbitrary code via a crafted HTML script.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started