Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bagisto — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting Bagisto. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bagisto is an open-source e-commerce platform built on Laravel, enabling businesses to create online stores. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. While no major public security incidents have been widely reported, the 12 documented CVEs highlight ongoing security concerns. The platform's modular architecture introduces potential attack surfaces, particularly in third-party extensions. Regular security updates are recommended, as some vulnerabilities have allowed attackers to execute arbitrary code or compromise administrative accounts, underscoring the need for proper hardening and timely patching.

Top products by Bagisto: Bagisto
CVE IDTitleCVSSSeverityPublished
CVE-2026-21450 Bagisto has SSTI in parameter that can lead to RCE — bagistoCWE-1336 9.8 -2026-01-02
CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS — bagistoCWE-79 5.4 -2026-01-02
CVE-2026-21449 Bagisto has SSTI via first and last name from low-privilege user (not admin) — bagistoCWE-1336 9.9 -2026-01-02
CVE-2026-21448 Bagisto has Normal & Blind SSTI from low-privilege user when ordering product — bagistoCWE-1336 8.8 -2026-01-02
CVE-2026-21447 Bagisto has IDOR in Customer Order Reorder Functionality — bagistoCWE-284 7.1 High2026-01-02
CVE-2026-21446 Bagisto Missing Authentication on Installer API Endpoints — bagistoCWE-306 9.8 -2026-01-02
CVE-2025-62415 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML) — bagistoCWE-80 6.9 Medium2025-10-16
CVE-2025-62418 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG) — bagistoCWE-80 6.9 Medium2025-10-16
CVE-2025-62414 bagisto - Cross Site Scripting (XSS) in Create New Customer — bagistoCWE-80 6.9 Medium2025-10-16
CVE-2025-62416 bagisto - Server Side Template Injection (SSTI) in Product Description — bagistoCWE-94 5.1 Medium2025-10-16
CVE-2025-62417 bagisto - CSV Formula Injection in Create New Product — bagistoCWE-1236 7.8AIHighAI2025-10-16
CVE-2025-40675 Reflected Cross-Site Scripting (XSS) in Bagisto — BagistoCWE-79 6.1AIMediumAI2025-06-09

This page lists every published CVE security advisory associated with Bagisto. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.