CVE-2023-36237 — Cross-Site Request Forgery in Bagisto

Severity

8.8HIGHNVD

EPSS

0.2%

top 59.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedFeb 26

Latest updateFeb 27

Description

Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶Packagistbagisto/bagisto< 1.3.2

OSV

Bagisto Cross-Site Request Forgery vulnerability↗2024-02-27

▶

GHSA

Bagisto Cross-Site Request Forgery vulnerability↗2024-02-27

▶

CVEList

CVE-2023-36237: Cross Site Request Forgery vulnerability in Bagisto before v↗2024-02-26

▶