{"url":"http://public2.vulnerablecode.io/api/packages/68539?format=json","purl":"pkg:composer/bagisto/bagisto@1.3.2","type":"composer","namespace":"bagisto","name":"bagisto","version":"1.3.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.1.0","latest_non_vulnerable_version":"2.3.10","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47251?format=json","vulnerability_id":"VCID-2qau-g8vu-7qee","summary":"Bagisto vulnerable to Insecure Direct Object Reference (IDOR)\nInsecure Direct Object Reference (IDOR) in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter.","references":[{"reference_url":"https://github.com/bagisto/bagisto","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bagisto/bagisto"},{"reference_url":"https://github.com/bagisto/bagisto/commit/2a24098cb582e072c87177e0ad17be45f240ad17","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bagisto/bagisto/commit/2a24098cb582e072c87177e0ad17be45f240ad17"},{"reference_url":"https://github.com/bagisto/bagisto/pull/4697","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bagisto/bagisto/pull/4697"},{"reference_url":"https://github.com/Ek-Saini/security/blob/main/IDOR-Bagisto","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Ek-Saini/security/blob/main/IDOR-Bagisto"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36238","reference_id":"CVE-2023-36238","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36238"},{"reference_url":"https://github.com/advisories/GHSA-pmc7-hmmw-g96q","reference_id":"GHSA-pmc7-hmmw-g96q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pmc7-hmmw-g96q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68539?format=json","purl":"pkg:composer/bagisto/bagis
to@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bagisto/bagisto@1.3.2"}],"aliases":["CVE-2023-36238","GHSA-pmc7-hmmw-g96q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qau-g8vu-7qee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47132?format=json","vulnerability_id":"VCID-9gse-2aq9-eyab","summary":"Bagisto Cross-Site Request Forgery vulnerability\nCross Site Request Forgery vulnerability in Bagisto before v.1.3.2 allows an attacker to execute arbitrary code via a crafted HTML script.","references":[{"reference_url":"https://github.com/bagisto/bagisto","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bagisto/bagisto"},{"reference_url":"https://github.com/bagisto/bagisto/commit/265aa14db1490005fa4e0d6fe714835abb689813","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bagisto/bagisto/commit/265aa14db1490005fa4e0d6fe714835abb689813"},{"reference_url":"https://github.com/bagisto/bagisto/commits/v1.3.2/?after=2dbb988388bc480af4bc8e880caed500772cfbc7+139","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bagisto/bagisto/commits/v1.3.2/?after=2dbb988388bc480af4bc8e880caed500772cfbc7+139"},{"reference_url":"https://github.com/Ek-Saini/security/blob/main/CSRF-Bagisto","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Ek-Saini/security/blob/main/CSRF-Bagisto"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36237","reference_id":"CVE-2023-36237","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36237"},{"reference_url":"https://github.com/advisories/GHSA-7p7q-fjfw-v3gf","reference_id":"GHSA-7p7q-fjfw-v3gf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7p7q-fjfw-v3gf"}],"fixed_packages":[{"url":"http://public2.v
ulnerablecode.io/api/packages/68539?format=json","purl":"pkg:composer/bagisto/bagisto@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bagisto/bagisto@1.3.2"}],"aliases":["CVE-2023-36237","GHSA-7p7q-fjfw-v3gf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gse-2aq9-eyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46842?format=json","vulnerability_id":"VCID-v3xa-jemf-p7dc","summary":"Cross-site Scripting in Bagisto\nCross Site Scripting vulnerability in webkil Bagisto v1.3.1 and before allows an attacker to execute arbitrary code via a crafted SVG file upload.","references":[{"reference_url":"https://bagisto.com/en","reference_id":"","reference_type":"","scores":[],"url":"https://bagisto.com/en"},{"reference_url":"https://github.com/bagisto/bagisto/commit/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bagisto/bagisto/commit/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45"},{"reference_url":"https://github.com/bagisto/bagisto/pull/4764/commits/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bagisto/bagisto/pull/4764/commits/7bbf0c4bb565fc2601f031f9bbcdfa06e24dbd45"},{"reference_url":"https://github.com/Ek-Saini/security/blob/main/XSS_via_fileupload-bagisto","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Ek-Saini/security/blob/main/XSS_via_fileupload-bagisto"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36236","reference_id":"CVE-2023-36236","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36236"},{"reference_url":"https://github.com/advisories/GHSA-c962-g533-823f","reference_id":"GHSA-c962-g533-823f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA
-c962-g533-823f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68539?format=json","purl":"pkg:composer/bagisto/bagisto@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bagisto/bagisto@1.3.2"}],"aliases":["CVE-2023-36236","GHSA-c962-g533-823f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3xa-jemf-p7dc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/bagisto/bagisto@1.3.2"}