CNNVD-202510-2297 Information

CNNVD ID

CNNVD-202510-2297

Related CVE

CVE-2025-62415

• CNNVD Published: 2025-10-16

Description (Chinese)

Webkul Software Bagisto是印度Webkul Software公司的一套开源的电子商务框架。 Webkul Software Bagisto 2.3.7版本存在安全漏洞，该漏洞源于TinyMCE图像上传功能允许上传特制HTML文件，可能导致跨站脚本攻击。

Description (English)

Webkul Software Bagisto is an open-source e-commerce framework for Webkul Software in India. Release 2.3.7 of Webkul Software Bagisto contains a security loophole, which stems from the TinyMCE image upload function allowing the uploading of special HTML files, which may result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Webkul Software

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/bagisto/bagisto/security/advisories/GHSA-67px-r26w-598x https://access.redhat.com/security/cve/cve-2025-62415

Patch

https://bagisto.com/en/download/