CVE-2025-60880: Bagisto is vulnerable to XSS through Admin Panel's product creation path

CVSS Score: 8.3 (CVSS 3.1)

Basic Information

EPSS Score: 0.10855%
Published: 10/10/2025
Updated: 10/13/2025
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H
Package Name: bagisto/bagisto
Ecosystem: composer
Vulnerable Versions: = 2.3.6
First Patched Version: 2.3.7

Vulnerability Intelligence
Miggo AI Root Cause Analysis: In progress

WAF Protection Rules

WAF Rule

An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated

Reasoning

No analysis available