Shenal01

1 exploit Active since Oct 2025
CVE-2025-60880 WRITEUP HIGH WRITEUP
Bagisto 2.3.6 - Authenticated Stored Cross-Site Scripting via SVG File Upload
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in the browser, potentially leading to session hijacking, data theft, or unauthorized actions.
CVSS 8.3