GHSA-c962-g533-823f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c962-g533-823f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-c962-g533-823f/GHSA-c962-g533-823f.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-c962-g533-823f
- Aliases
- Published
- 2024-01-17T00:30:19Z
- Modified
- 2025-06-17T19:33:49.133276Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting in Bagisto
- Details
-
Cross Site Scripting vulnerability in webkil Bagisto v1.3.1 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad.
- Database specific
{ "nvd_published_at": "2024-01-16T22:15:37Z", "github_reviewed_at": "2024-01-23T14:38:31Z", "github_reviewed": true, "severity": "MODERATE", "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-36236
- https://github.com/bagisto/bagisto/pull/4764/commits/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45
- https://github.com/bagisto/bagisto/commit/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45
- https://bagisto.com/en
- https://github.com/Ek-Saini/security/blob/main/XSS_via_fileupload-bagisto
Affected packages
Packagist / bagisto/bagisto
Package
- Name
- bagisto/bagisto
- Purl
- pkg:composer/bagisto/bagisto
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.2