CVE-2025-2610

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://chocapikk.com/posts/2025/magnusbilling/	Exploit Third Party Advisory
https://github.com/magnussolution/magnusbilling7/commit/f0f083c76157e31149ae58342342fb1bf1629e22	Patch
https://vulncheck.com/advisories/magnusbilling-alarm-xss	Third Party Advisory
https://chocapikk.com/posts/2025/magnusbilling/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:magnussolution:magnusbilling:*:*:*:*:*:*:*:*

History

01 Apr 2025, 20:28

Type	Values Removed	Values Added
References	~~() https://chocapikk.com/posts/2025/magnusbilling/ -~~	() https://chocapikk.com/posts/2025/magnusbilling/ - Exploit, Third Party Advisory
References	~~() https://github.com/magnussolution/magnusbilling7/commit/f0f083c76157e31149ae58342342fb1bf1629e22 -~~	() https://github.com/magnussolution/magnusbilling7/commit/f0f083c76157e31149ae58342342fb1bf1629e22 - Patch
References	~~() https://vulncheck.com/advisories/magnusbilling-alarm-xss -~~	() https://vulncheck.com/advisories/magnusbilling-alarm-xss - Third Party Advisory
First Time		Magnussolution Magnussolution magnusbilling
CPE		cpe:2.3:a:magnussolution:magnusbilling::::::::

25 Mar 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web en MagnusSolution MagnusBilling (Alarm Module modules) permite cross-site scripting almacenado autenticados. Esta vulnerabilidad está asociada a los archivos de programa protected/components/MagnusLog.Php. Este problema afecta a MagnusBilling hasta la versión 7.3.0.
References	~~() https://chocapikk.com/posts/2025/magnusbilling/ -~~	() https://chocapikk.com/posts/2025/magnusbilling/ -

21 Mar 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-21 23:15

Updated : 2025-04-01 20:28

NVD link : CVE-2025-2610

Mitre link : CVE-2025-2610

CVE.ORG link : CVE-2025-2610

JSON object : View

Products Affected

magnussolution

magnusbilling

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

7.6 /10