CVE-2023-36236 — Cross-site Scripting in Bagisto
Severity
4.8MEDIUMNVD
EPSS
0.2%
top 54.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 16
Latest updateJan 17
Description
Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7