216.73.217.80

CVE-2025-62418

· Published 16/10/2025 19:15 · Modified 16/10/2025 19:15

Labels: CVE-2025-62418 2025-10-16CVE-2025-62418CWE-80[email protected]

Essential information

Published
16/10/2025 19:15
Modified
16/10/2025 19:15
Author
Creator
CVSS
6.9 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

CVSS metrics

Description

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
bagisto / bagisto cpe:2.3:a:bagisto:bagisto:2.3.7:*:*:*:*:*:*:*
bagisto / bagisto cpe:2.3:a:bagisto:bagisto:<2.3.8:*:*:*:*:*:*:*

References