A vulnerability was found in Bagisto up to 2.4.3. It has been classified as problematic. This affects an unknown function of the file create.blade.php of the component Create Order Page. Performing a manipulation results in cross site scripting.
This vulnerability is cataloged as CVE-2026-60120. It is possible to initiate the attack remotely. There is no exploit available.