Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize `<script>` tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be stored in the CMS content and executed whenever the page is viewed or edited. This exposes administrators to a high-severity risk, including complete account takeover, backend hijacking, and malicious script execution. Version 2.3.10 fixes the issue.
A stored Cross-Site Scripting (XSS) vulnerability in Bagisto eCommerce platform versions prior to 2.3.10 allows attackers to bypass script tag sanitization in the CMS page editor by manipulating raw HTTP POST requests. This enables arbitrary JavaScript execution, leading to administrator account takeover and backend hijacking. An exploit is publicly available.
في طابور التحليل الذكي
سيتم تحليل هذا CVE تلقائياً في المهام المجدولة.