CNNVD-202601-069 Information

CNNVD ID

CNNVD-202601-069

Related CVE

CVE-2026-21451

• CNNVD Published: 2026-01-02

Description (Chinese)

Bagisto是印度Webkul Software开源的一套开源的电子商务框架。 Bagisto 2.3.10之前版本存在跨站脚本漏洞，该漏洞源于CMS页面编辑器存在存储型跨站脚本，可能导致账户接管。

Description (English)

Bagisto is an open-source e-commerce framework for Webkul Software in India. The pre-Bagisto 2.3.10 version had a cross-site script loophole, which stemmed from the existence of a stored cross-site script in the CMS page editor, which could lead to the account being taken over.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

Webkul Software

Published

2026-01-02

Last Modified

2026-02-24

References

https://github.com/bagisto/bagisto/security/advisories/GHSA-2mwc-h2mg-v6p8 https://access.redhat.com/security/cve/cve-2026-21451

Patch

https://github.com/bagisto/bagisto/releases