Package impact

php Packagist / bagisto/bagisto

| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6744 | medium | 6.3 | 6.3 | | | | 1mo ago | Bagisto affected by Server-Side Request Forgery |
| CVE-2026-6745 | low | 3.5 | 3.5 | | | | 1mo ago | Bagisto affected by Cross-site Scripting |
| CVE-2026-21449 | unknown | | | | | | 5mo ago | Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users |
| CVE-2026-21447 | unknown | | | | | | 5mo ago | Bagisto has IDOR in Customer Order Reorder Functionality |
| CVE-2026-21448 | unknown | | | | | | 5mo ago | Bagisto has Normal & Blind SSTI from low-privilege user when ordering product |
| CVE-2026-21450 | unknown | | | | | | 5mo ago | Bagisto SSTI vulnerability in type parameter can lead to RCE |
| CVE-2026-21451 | unknown | | | | | | 5mo ago | Bagisto has HTML Filter Bypass that Enables Stored XSS |
| CVE-2026-21446 | unknown | | | | | | 5mo ago | Bagisto Missing Authentication on Installer API Endpoints |
| CVE-2025-62414 | unknown | | | | | | 8mo ago | bagisto has Cross Site Scripting (XSS) in Create New Customer |
| CVE-2025-62417 | unknown | | | | | | 8mo ago | bagisto has CSV Formula Injection in Create New Product |
| CVE-2025-62418 | unknown | | | | | | 8mo ago | bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG) |
| CVE-2025-62416 | unknown | | | | | | 8mo ago | bagisto has Server Side Template Injection (SSTI) in Product Description |
| CVE-2025-62415 | unknown | | | | | | 8mo ago | bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML) |
| CVE-2025-60880 | unknown | | | | | | 8mo ago | Bagisto is vulnerable to XSS through Admin Panel's product creation path |
| CVE-2023-36238 | unknown | | | | | | 2y ago | Bagisto vulnerable to Insecure Direct Object Reference (IDOR) |
| CVE-2024-27499 | unknown | | | | | | 2y ago | Bagisto Cross-site Scripting vulnerability |
| CVE-2023-36237 | unknown | | | | | | 2y ago | Bagisto Cross-Site Request Forgery vulnerability |
| CVE-2023-36236 | unknown | | | | | | 2y ago | Cross-site Scripting in Bagisto |
| CVE-2019-14933 | unknown | | | | | | 4y ago | Bagisto CSRF Vulnerability |
| CVE-2019-16403 | unknown | | | | | | 7y ago | Authorization Bypass Through User-Controlled Key in Bagisto |