CVE-2025-40675 – “Bagisto Reflected Cross-Site Scripting (XSS)”

June 9, 2025

CVE ID : CVE-2025-40675

Published : June 9, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending the victim a malicious URL using the parameter ‘query’ in ‘/search’. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5871 – Papendorf SOL Connect Center Web Interface Authentication Bypass Vulnerability

Next Article Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover!

Highlights

CVE-2025-37998 – Openvswitch Netlink Attribute Parsing Vulnerability

May 29, 2025

CVE ID : CVE-2025-37998

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

openvswitch: Fix unsafe attribute parsing in output_userspace()

This patch replaces the manual Netlink attribute iteration in
output_userspace() with nla_for_each_nested(), which ensures that only
well-formed attributes are processed.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

Trump’s AI plan says a lot about open source – but here’s what it leaves out

Google’s new Search mode puts classic results back on top – how to access it

These AR swim goggles I tested have all the relevant metrics (and no subscription)

Google’s new AI tool Opal turns prompts into apps, no coding required

Laravel Scoped Route Binding for Nested Resource Management

Laravel Scoped Route Binding for Nested Resource Management

Add Reactions Functionality to Your App With Laravel Reactions

saasykit/laravel-open-graphy

Sam Altman won’t trust ChatGPT with his “medical fate” unless a doctor is involved — “Maybe I’m a dinosaur here”

Sam Altman won’t trust ChatGPT with his “medical fate” unless a doctor is involved — “Maybe I’m a dinosaur here”

“It deleted our production database without permission”: Bill Gates called it — coding is too complex to replace software engineers with AI

Top 6 new features and changes coming to Windows 11 in August 2025 — from AI agents to redesigned BSOD screens

CVE-2025-40675 – “Bagisto Reflected Cross-Site Scripting (XSS)”

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

ToolShell: An all-you-can-eat buffet for threat actors

CVE-2025-5233 – WordPress Color Palette Stored Cross-Site Scripting Vulnerability

mehrancodes/laravel-harbor

CVE-2025-47674 – Credova Financial CSRF

How to install and use Ollama to run AI LLMs on your Windows 11 PC

CVE-2025-37998 – Openvswitch Netlink Attribute Parsing Vulnerability

Windows Remote Desktop Services Vulnerability Allows Remote Code Execution

Google Uncovers LOSTKEYS Malware Used by Russian COLDRIVER for Cyber Espionage

CVE-2025-6432 – Mozilla Firefox DNS Proxy Bypass Vulnerability

CVE-2025-40675 – “Bagisto Reflected Cross-Site Scripting (XSS)”

Related Posts