CVE-2024-27499
Published 2024-03-01
CVE-2024-27499: Bagisto v1.5.1 is vulnerable to cross-site scripting (XSS) via a PNG file upload vulnerability in the product review option.
Priority P4 · 27 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS 0.52% (40.3th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bagisto | bagisto | >= 0 < 2.1.0 | 2.1.0 |
| webkul | bagisto | — | — |
OSV
osv · 2024-03-01
CVE-2024-27499 [MEDIUM] Bagisto Cross-site Scripting vulnerability
Bagisto is vulnerable to cross-site scripting (XSS) via a PNG file upload vulnerability in the product review option.
GHSA
ghsa · 2024-03-01
CVE-2024-27499 [MEDIUM] CWE-79 Bagisto Cross-site Scripting vulnerability
Bagisto is vulnerable to cross-site scripting (XSS) via a PNG file upload vulnerability in the product review option.
https://github.com/Ek-Saini/security/blob/main/xss-bagisto-v1.5.1
https://github.com/auspicious7/Vulnerability-Discover/blob/main/CVE-2024-27499_bagisto-V-1.5.1
https://github.com/bagisto/bagisto/pull/9474