Vulnerabilities (CVE)

Filtered by vendor Webkul Subscribe
Filtered by product Bagisto
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33570 1 Webkul 1 Bagisto 2024-11-27 N/A 8.8 HIGH
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
CVE-2023-36236 1 Webkul 1 Bagisto 2024-11-21 N/A 4.8 MEDIUM
Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad.
CVE-2019-16403 1 Webkul 1 Bagisto 2024-11-21 6.5 MEDIUM 8.8 HIGH
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
CVE-2019-14933 1 Webkul 1 Bagisto 2024-11-21 6.8 MEDIUM 8.8 HIGH
Bagisto 0.1.5 allows CSRF under /admin URIs.