Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-62414

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature (in the admin panel) is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields. These payloads may later execute in the context of an admin’s browser or another user viewing the customer data, enabling session theft or admin-level actions. This vulnerability is fixed in 2.3.8.

Published

2025-10-16T19:15:34.170

Last Modified

2025-10-22T17:21:50.510

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-80
CWE-87
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webkul	bagisto	2.3.7	Yes

References

https://github.com/bagisto/bagisto/security/advisories/GHSA-r9xj-mvqf-jm7w Exploit, Vendor Advisory ([email protected])
https://github.com/bagisto/bagisto/security/advisories/GHSA-r9xj-mvqf-jm7w Exploit, Vendor Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)