Filtered by vendor Webkul Subscriptions
Filtered by product Bagisto Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-33570 1 Webkul 1 Bagisto 2024-11-27 8.8 High
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
CVE-2024-27499 1 Webkul 1 Bagisto 2024-11-21 6.5 Medium
Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option.
CVE-2023-36236 1 Webkul 1 Bagisto 2024-11-21 4.8 Medium
Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad.
CVE-2019-16403 1 Webkul 1 Bagisto 2024-11-21 8.8 High
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
CVE-2019-14933 1 Webkul 1 Bagisto 2024-11-21 N/A
Bagisto 0.1.5 allows CSRF under /admin URIs.