Moderate severityNVD Advisory· Published Mar 1, 2024· Updated Aug 11, 2025
CVE-2024-27499
CVE-2024-27499
Description
Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bagisto/bagistoPackagist | < 2.1.0 | 2.1.0 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-w5mx-334j-6fwvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-27499ghsaADVISORY
- github.com/Ek-Saini/security/blob/main/xss-bagisto-v1.5.1ghsaWEB
- github.com/auspicious7/Vulnerability-Discover/blob/main/CVE-2024-27499_bagisto-V-1.5.1ghsaWEB
- github.com/bagisto/bagisto/commit/b01bfc5fab3933a132380f36cb2e9670d2310bafghsaWEB
- github.com/bagisto/bagisto/pull/9474ghsaWEB
News mentions
0No linked articles in our index yet.