CNNVD-202510-1418 Information

CNNVD ID

CNNVD-202510-1418

Related CVE

CVE-2025-60880

• CNNVD Published: 2025-10-10

Description (Chinese)

Webkul Software Bagisto是印度Webkul Software公司的一套开源的电子商务框架。 Webkul Software Bagisto 2.3.6版本存在安全漏洞，该漏洞源于产品创建路径中存在存储型跨站脚本漏洞，可能导致会话劫持、数据窃取或未授权操作。

Description (English)

Webkul Software Bagisto is an open-source e-commerce framework for Webkul Software in India. There is a security loophole in version 2.3.6 of Webkul Software Bagisto, which stems from the existence of a storage cross-site script gap in the product’s creation path, which may lead to session hijacking, data theft or unauthorized operation.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Webkul Software

Published

2025-10-10

Last Modified

2026-02-24

References

https://github.com/Shenal01/CVE-2025-60880 https://access.redhat.com/security/cve/cve-2025-60880