CVE-2025-2610

MagnusBilling Stored Cross-Site Scripting in Alarm Module

Description

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.

INFO

Published Date :

2025-03-21T22:35:17.724Z

Last Modified :

2025-11-19T18:34:51.596Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2025-2610 vulnerability.

Vendors	Products
Magnussolution	Magnusbilling

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-2610.

URL	Resource
https://chocapikk.com/posts/2025/magnusbilling/
https://github.com/magnussolution/magnusbilling7/commit/f0f083c76157e31149ae58342342fb1bf1629e22
https://vulncheck.com/advisories/magnusbilling-alarm-xss

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact