CVE-2025-40675Cross-site Scripting in Bagisto

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
0.2%
top 62.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Webkul BagistoBagisto
Timeline
PublishedJun 9

Description

A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

NVDwebkul/bagisto2.0.02.2.3
CVEListV5bagisto/bagisto2.2.2

🔴Vulnerability Details

2
CVEList
Reflected Cross-Site Scripting (XSS) in Bagisto2025-06-09
GHSA
GHSA-v7mq-jjjq-c7p3: A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v22025-06-09
CVE-2025-40675 — Cross-site Scripting in Webkul Bagisto | cvebase