CVE-2025-62418 | Bagisto up to 2.3.7 TinyMCE Image Upload cross site scripting (GHSA-fg89-g389-p346)

October 16, 2025 Yanac

A vulnerability was found in Bagisto up to 2.3.7. It has been declared as problematic. Affected is an unknown function of the component TinyMCE Image Upload. The manipulation results in basic cross site scripting.

This vulnerability is identified as CVE-2025-62418. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More