PT-2025-24416 · Bagisto · Bagisto

Published: 2025-06-09 · Updated: 2025-06-09 · CVE-2025-40675

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Bagisto version 2.0.0

Description: A Reflected Cross-Site Scripting (XSS) issue has been found that allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL that uses the query parameter of the "/search" API endpoint. The value is reflected into the response without adequate output encoding. This can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Recommendations: For Bagisto version 2.0.0, consider disabling the search functionality or restricting access to the "/search" endpoint until a patch is available. Avoid using the query parameter of the affected API endpoint until the issue is resolved.
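The following is an added illustration of the bug class described above, not code from Bagisto or from the advisory: a search term taken from the request is reflected into the results page, first concatenated raw (the reflected XSS sink) and then HTML-encoded at the point it enters the document. The function names, the `renderSearchHeading*` helpers and the constructed request value are hypothetical; the advisory does not say which template or controller in Bagisto is affected.

```php
<?php
// Added example, not Bagisto's code. Demonstrates why a reflected search
// term must be HTML-encoded before it is written into the response body.
declare(strict_types=1);

/**
 * Vulnerable pattern (hypothetical): the raw query value is concatenated
 * into HTML, so any markup in the parameter becomes part of the page.
 */
function renderSearchHeadingVulnerable(string $query): string
{
    return '<h1>Search results for "' . $query . '"</h1>';
}

/**
 * Hardened pattern: encode for the HTML text context at the sink.
 * ENT_QUOTES also encodes ' and " so the value cannot break out of an
 * attribute if the same helper is reused in an attribute context.
 */
function renderSearchHeadingSafe(string $query): string
{
    $encoded = htmlspecialchars($query, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h1>Search results for "' . $encoded . '"</h1>';
}

/** Returns true when no raw tag delimiters survived encoding. */
function isEncoded(string $html, string $untrustedInput): bool
{
    return !str_contains($html, $untrustedInput)
        && !str_contains($html, '<script');
}

// Constructed request value standing in for $_GET['query'] or, in a Laravel
// controller, $request->input('query'). The tag is the textbook probe used
// to show that input reaches the page as markup rather than as text.
$constructedQuery = '<script>x</script>';

$vulnerable = renderSearchHeadingVulnerable($constructedQuery);
$safe       = renderSearchHeadingSafe($constructedQuery);

echo "vulnerable: {$vulnerable}\n";   // the tag is live markup in the response
echo "safe:       {$safe}\n";         // rendered as &lt;script&gt;x&lt;/script&gt;
echo 'check:      ' . (isEncoded($safe, $constructedQuery) ? 'encoded' : 'NOT encoded') . "\n";

// Defence in depth: a Content-Security-Policy header limits what an injected
// script could do even if one encoding call is missed. Sent only when the
// script runs as a web request, never from the CLI.
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}
```

In a Laravel/Blade template the equivalent of `renderSearchHeadingSafe` is the default `{{ $query }}` syntax, which applies `htmlspecialchars`; the unescaped `{!! $query !!}` form is the equivalent of the vulnerable function and should never receive request-controlled data. When reviewing a fix for this advisory, the check is that the reflected value passes through an encoder for the exact context (HTML text, attribute, or JavaScript) where it is written, and that the CSP does not whitelist `'unsafe-inline'` for scripts.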

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-40675

Affected Products: Bagisto