CNNVD-202510-2296 Information

CNNVD ID

CNNVD-202510-2296

CVE-2025-62414

  • CNNVD Published: 2025-10-16

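Description (translated from Chinese)

Webkul Software Bagisto is an open-source e-commerce framework from Webkul Software, a company based in India. Webkul Software Bagisto version 2.3.7 contains a security vulnerability that stems from insufficient filtering of certain input fields in the Create New Customer feature, which may lead to cross-site scripting attacks.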

Description (English)

Webkul Software Bagisto is an open-source e-commerce framework developed by the Indian company Webkul Software. Version 2.3.7 of Webkul Software Bagisto has a security vulnerability: certain input fields in the Create New Customer function are not adequately filtered, which may result in a cross-site scripting (XSS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Webkul Software

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/bagisto/bagisto/security/advisories/GHSA-r9xj-mvqf-jm7w

https://access.redhat.com/security/cve/cve-2025-62414

Patch

https://bagisto.com/en/download/
