MagnusBilling Stored Cross-Site Scripting in Login Logs

Go back

severity: high
date: March 21, 2025
Affecting: MagnusBilling 7.3.0 and lower
CVE: CVE-2025-2609
CVE type: Improper Neutralization of Input During Web Page Generation
CVSS: 8.2
CVSS V3 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
References: Two Stored XSS in MagnusBilling: From CTF Curiosity to CVEs
MagnusBilling patches
Credit: Valentin Lobstein (Chocapikk)