diff --git a/exploits/multiple/webapps/50548.txt b/exploits/multiple/webapps/50548.txt
new file mode 100644
index 000000000..75166f825
--- /dev/null
+++ b/exploits/multiple/webapps/50548.txt
@@ -0,0 +1,16 @@
+# Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection
+# Date: 11-25-2021
+# Exploit Author: Mohamed Abdellatif Jaber
+# Vendor Homepage: https://bagisto.com/en/
+# Software Link: https://github.com/bagisto/bagisto
+# Version: v1.3.3
+# Tested on: [windows | chrome | firefox ]
+
+Exploit :.
+1- register an account and login your account
+2- go to your profile and edit name , address
+2- and put this payload {{constructor.constructor('alert(document.domain)')()}}
+3- admin or any one view order or your profile will execute arbitrary JS-code
+.
+
+rf:https://portswigger.net/kb/issues/00200308_client-side-template-injection
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 0de94ec98..50fffc9bc 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -44640,3 +44640,4 @@ id,file,description,date,author,type,platform,port
 50543,exploits/php/webapps/50543.txt,"Bus Pass Management System 1.0 - 'Search' SQL injection",1970-01-01,"Abhijeet Singh",webapps,php,
 50544,exploits/multiple/webapps/50544.txt,"FLEX 1085 Web 1.6.0 - HTML Injection",1970-01-01,"Mr Empy",webapps,multiple,
 50547,exploits/php/webapps/50547.py,"CMSimple 5.4 - Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)",1970-01-01,S1lv3r,webapps,php,
+50548,exploits/multiple/webapps/50548.txt,"Bagisto 1.3.3 - Client-Side Template Injection",1970-01-01,"Mohamed Abdellatif Jaber",webapps,multiple,