Package impact

Packagist / bagisto/bagisto

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-6744	medium	6.3	6.3	1mo ago	Bagisto affected by Server-Side Request Forgery
CVE-2026-6745	low	3.5	3.5	1mo ago	Bagisto affected by Cross-site Scripting
CVE-2026-21449	unknown	—	—	5mo ago	Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users
CVE-2026-21447	unknown	—	—	5mo ago	Bagisto has IDOR in Customer Order Reorder Functionality
CVE-2026-21448	unknown	—	—	5mo ago	Bagisto has Normal & Blind SSTI from low-privilege user when ordering product
CVE-2026-21450	unknown	—	—	5mo ago	Bagisto SSTI vulnerability in type parameter can lead to RCE
CVE-2026-21451	unknown	—	—	5mo ago	Bagisto has HTML Filter Bypass that Enables Stored XSS
CVE-2026-21446	unknown	—	—	5mo ago	Bagisto Missing Authentication on Installer API Endpoints
CVE-2025-62414	unknown	—	—	7mo ago	bagisto has Cross Site Scripting (XSS) in Create New Customer
CVE-2025-62417	unknown	—	—	7mo ago	bagisto has CSV Formula Injection in Create New Product
CVE-2025-62418	unknown	—	—	7mo ago	bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
CVE-2025-62416	unknown	—	—	7mo ago	bagisto has Server Side Template Injection (SSTI) in Product Description
CVE-2025-62415	unknown	—	—	7mo ago	bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
CVE-2025-60880	unknown	—	—	8mo ago	Bagisto is vulnerable to XSS through Admin Panel's product creation path
CVE-2023-36238	unknown	—	—	2y ago	Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
CVE-2024-27499	unknown	—	—	2y ago	Bagist Cross-site Scripting vulnerability
CVE-2023-36237	unknown	—	—	2y ago	Bagisto Cross-Site Request Forgery vulnerability
CVE-2023-36236	unknown	—	—	2y ago	Cross-site Scripting in Bagisto
CVE-2019-14933	unknown	—	—	4y ago	Bagisto CSRF Vulnerability
CVE-2019-16403	unknown	—	—	7y ago	Authorization Bypass Through User-Controlled Key in Bagisto