Magnusbilling

CVEs (3)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2025-52289	Magnussolution Magnusbilling	—	0.00	Jul 31, 2025	A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.
CVE-2025-2609	Magnussolution Magnusbilling	—	0.03	Mar 21, 2025	Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.
CVE-2025-2610	Magnussolution Magnusbilling	—	0.02	Mar 21, 2025	Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.

CVE-2025-52289Jul 31, 2025
Magnussolution
Magnusbilling
risk 0.00cvss —epss 0.00
A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.
CVE-2025-2609Mar 21, 2025
Magnussolution
Magnusbilling
risk 0.00cvss —epss 0.03
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.
CVE-2025-2610Mar 21, 2025
Magnussolution
Magnusbilling
risk 0.00cvss —epss 0.02
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.