Vulnerabilities > Webkul > Bagisto
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-36236 | Cross-site Scripting vulnerability in Webkul Bagisto Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad. | 4.8 |
| 2023-06-28 | CVE-2023-33570 | Unspecified vulnerability in Webkul Bagisto 1.5.1 Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI). | 8.8 |
| 2019-09-18 | CVE-2019-16403 | Authorization Bypass Through User-Controlled Key vulnerability in Webkul Bagisto In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. | 6.5 |
| 2019-08-11 | CVE-2019-14933 | Cross-Site Request Forgery (CSRF) vulnerability in Webkul Bagisto 0.1.5 Bagisto 0.1.5 allows CSRF under /admin URIs. | 6.8 |