MagnusBilling Stored Cross-Site Scripting in Alarm Module

Go back

severity: high
date: March 21, 2025
Affecting: MagnusBilling 7.3.0 and lower
CVE: CVE-2025-2610
CVE type: Improper Neutralization of Input During Web Page Generation
CVSS: 7.6
CVSS V3 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
References: Two Stored XSS in MagnusBilling: From CTF Curiosity to CVEs
MagnusBilling patches
Credit: Valentin Lobstein (Chocapikk)