
Shenal01

#31070 of 53,630
8.3 Total CVSS
Vulnerabilities · 1
PT-2025-41590
8.3
2025-10-10
Bagisto · Bagisto · CVE-2025-60880
**Name of the Vulnerable Software and Affected Versions**

Bagisto version 2.3.6

**Description**

An authenticated stored Cross-Site Scripting (XSS) issue exists in the admin panel's product creation functionality. An attacker can upload a crafted SVG file containing malicious JavaScript code. This allows execution of arbitrary JavaScript in the browser of an authenticated admin user, potentially leading to session hijacking or data theft. The vulnerability is triggered when the malicious SVG file is rendered. The affected path is the product creation process within the admin panel.

**Recommendations**

Update to a newer version that contains a fix for this vulnerability.