VYPR

Fossbilling

by fossbilling

Source repositories

CVEs (20)

  • CVE-2026-40495MedJun 3, 2026
    risk 0.45cvss epss 0.00

    FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hide_version_public` security setting. The FOSSBilling version is embedded in the…

  • CVE-2026-43926MedJun 4, 2026
    risk 0.41cvss epss 0.00

    FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only…

  • CVE-2026-43924MedJun 3, 2026
    risk 0.31cvss epss 0.00

    FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be…

  • CVE-2026-33543Jun 24, 2026
    risk 0.00cvss epss 0.00

    FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an…

  • CVE-2026-27708Jun 24, 2026
    risk 0.00cvss epss 0.00

    FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's __call method accepts an order_id parameter and fetches the associated order without verifying the authenticated client owns it, potentially…

  • CVE-2026-23513Jun 23, 2026
    risk 0.00cvss epss 0.00

    FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In…

  • CVE-2025-64105Jun 23, 2026
    risk 0.00cvss epss 0.00

    FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating rel_id when…

  • CVE-2026-27604Jun 23, 2026
    risk 0.00cvss epss 0.00

    FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged `/api/system/*` endpoints. Because `system` resolves to the…

  • CVE-2026-28496Jun 23, 2026
    risk 0.00cvss epss 0.02

    FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig templates (email templates, mass…

  • CVE-2023-4005CriJul 31, 2023
    risk 0.00cvss 9.8epss 0.00

    Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.

  • CVE-2023-3521MedJul 6, 2023
    risk 0.00cvss 6.1epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.

  • CVE-2023-3493HigJun 30, 2023
    risk 0.00cvss 8.0epss 0.01

    Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.

  • CVE-2023-3491HigJun 30, 2023
    risk 0.00cvss 8.8epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.

  • CVE-2023-3490CriJun 30, 2023
    risk 0.00cvss 9.8epss 0.01

    SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.

  • CVE-2023-3394MedJun 23, 2023
    risk 0.00cvss 5.4epss 0.01

    Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.

  • CVE-2023-3393HigJun 23, 2023
    risk 0.00cvss 7.2epss 0.01

    Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.

  • CVE-2023-3230HigJun 14, 2023
    risk 0.00cvss 7.5epss 0.00

    Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.

  • CVE-2023-3229MedJun 14, 2023
    risk 0.00cvss 6.5epss 0.01

    Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.

  • CVE-2023-3228MedJun 14, 2023
    risk 0.00cvss 5.7epss 0.00

    Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.

  • CVE-2023-3227MedJun 14, 2023
    risk 0.00cvss 5.7epss 0.00

    Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.