Vulnerability Description
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Magnussolution | Magnusbilling | <= 7.3.0 |
Related Weaknesses (CWE)
References
- https://chocapikk.com/posts/2025/magnusbilling/ExploitThird Party Advisory
- https://github.com/magnussolution/magnusbilling7/commit/f0f083c76157e31149ae5834Patch
- https://vulncheck.com/advisories/magnusbilling-alarm-xssThird Party Advisory
- https://chocapikk.com/posts/2025/magnusbilling/ExploitThird Party Advisory
FAQ
What is CVE-2025-2610?
CVE-2025-2610 is a vulnerability with a CVSS score of 7.6 (HIGH). Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is...
How severe is CVE-2025-2610?
CVE-2025-2610 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-2610?
Check the references section above for vendor advisories and patch information. Affected products include: Magnussolution Magnusbilling.