CVE-2025-2609

Source
https://cve.org/CVERecord?id=CVE-2025-2609
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2609.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-2609
Published
2025-03-21T22:41:13.784Z
Modified
2026-07-08T07:09:23.250798089Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CVSS Calculator
Summary
MagnusBilling Stored Cross-Site Scripting in Login Logs
Details

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associated with program files protected/components/MagnusLog.Php.

This issue affects MagnusBilling: through 7.3.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2609.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/magnussolution/magnusbilling7

Affected ranges

Type
GIT
Repo
https://github.com/magnussolution/magnusbilling7
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:magnussolution:magnusbilling:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.3.0"
        }
    ]
}

Affected versions

6.*
6.0.3
6.3.1
6.6.1
6.6.5
7.*
7.0.0
7.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2609.json"