Unrated severityNVD Advisory· Published Mar 21, 2025· Updated Nov 22, 2025
MagnusBilling Stored Cross-Site Scripting in Login Logs
CVE-2025-2609
Description
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associated with program files protected/components/MagnusLog.Php.
This issue affects MagnusBilling: through 7.3.0.
Affected products
1- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.