bagisto

Top products

The 12 most recently published vulnerabilities affecting bagisto.

• CVE-2026-21450Bagisto has SSTI in parameter that can lead to RCE9.8Jan 2, 2026
• CVE-2026-21451Bagisto has HTML Filter Bypass that Enables Stored XSS8.4Jan 2, 2026
• CVE-2026-21449Bagisto has SSTI via first and last name from low-privilege user (not admin)8.8Jan 2, 2026
• CVE-2026-21448Bagisto has Normal & Blind SSTI from low-privilege user when ordering product9.8Jan 2, 2026
• CVE-2026-21447Bagisto has IDOR in Customer Order Reorder Functionality7.1Jan 2, 2026
• CVE-2026-21446Bagisto Missing Authentication on Installer API Endpoints9.8Jan 2, 2026
• CVE-2025-62415bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)6.9Oct 16, 2025
• CVE-2025-62418bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)6.9Oct 16, 2025
• CVE-2025-62414bagisto - Cross Site Scripting (XSS) in Create New Customer6.9Oct 16, 2025
• CVE-2025-62416bagisto - Server Side Template Injection (SSTI) in Product Description5.1Oct 16, 2025
• CVE-2025-62417bagisto - CSV Formula Injection in Create New Product7.8Oct 16, 2025
• CVE-2025-40675Reflected Cross-Site Scripting (XSS) in Bagisto6.1Jun 9, 2025