Cross-Site Scripting Vulnerability in Bagisto eCommerce Platform by Bagisto
CVE-2025-62414
6.9 MEDIUM
What is CVE-2025-62414?
The Bagisto eCommerce platform, specifically version 2.3.7, contains a Cross-Site Scripting (XSS) vulnerability in the 'Create New Customer' functionality of the admin panel. An attacker can exploit this flaw by injecting malicious JavaScript into certain input fields of that form. The stored script then executes in the browser context of an administrator, or of any user who views the affected customer data. This poses significant risk, including session hijacking and unauthorized actions performed with the admin account's privileges. Users are advised to upgrade to version 2.3.8, where this vulnerability has been addressed.
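As an added illustration, not Bagisto's own code and not the actual vulnerable template, the snippet below contrasts a render function that concatenates a stored customer field straight into HTML with one that applies HTML-context encoding, and includes a check that the stored value cannot reach the page as live markup. In Laravel, Blade's `{{ }}` statements are routed through PHP's `htmlspecialchars` automatically; the raw-output form `{!! !!}` and plain string concatenation are the patterns that leave a stored field unencoded. The customer record, the marker string in its name field, and all function names here are constructed for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample: a customer record as it might be stored after the
// admin "Create New Customer" form is submitted. The first_name field
// carries markup so we can observe whether it survives rendering as HTML.
$customer = [
    'first_name' => 'Mallory <script>alert(1)</script>',
    'email'      => 'mallory@example.test',
];

// VULNERABLE pattern: the untrusted field is concatenated into the page
// both as a text node and inside an attribute value, with no encoding.
function renderCustomerRowUnsafe(array $c): string
{
    return '<tr><td title="' . $c['first_name'] . '">' . $c['first_name'] . '</td>'
         . '<td>' . $c['email'] . '</td></tr>';
}

// HARDENED pattern: encode for the HTML context the value lands in.
// ENT_QUOTES also encodes ' and " so a value cannot close an attribute;
// ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8,
// which would otherwise silently blank the field.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderCustomerRowSafe(array $c): string
{
    return '<tr><td title="' . h($c['first_name']) . '">' . h($c['first_name']) . '</td>'
         . '<td>' . h($c['email']) . '</td></tr>';
}

// Regression-style check: returns true when the rendered output carries no
// live markup that originated in the stored field. The raw value must not
// appear verbatim, and every '<' / '>' in the output must belong to the
// template itself (compared against the template rendered with empty fields).
function fieldIsInert(string $html, string $raw): bool
{
    if (str_contains($html, $raw)) {
        return false;
    }
    $template = renderCustomerRowSafe(['first_name' => '', 'email' => '']);
    $expected = substr_count($template, '<') + substr_count($template, '>');
    return substr_count($html, '<') + substr_count($html, '>') === $expected;
}

$unsafe = renderCustomerRowUnsafe($customer);
$safe   = renderCustomerRowSafe($customer);

echo 'unsafe output inert: ' . var_export(fieldIsInert($unsafe, $customer['first_name']), true) . PHP_EOL;
echo 'safe output inert:   ' . var_export(fieldIsInert($safe, $customer['first_name']), true) . PHP_EOL;
echo $safe . PHP_EOL;
```

The `fieldIsInert` check is the kind of assertion worth adding to a template's test suite after a fix like the one shipped in 2.3.8: it fails on the unencoded render and passes on the encoded one, so a later change that reintroduces raw output of the field is caught before release. Encoding at output time, per context, is the primary control; a Content-Security-Policy that disallows inline script is a useful second layer but does not replace it.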
Affected Version(s)
bagisto < 2.3.8