PT-2025-12457 · Magnussolution · Magnusbilling

Valentin Lobstein · Published 2025-03-21 · Updated 2025-03-23 · CVE-2025-2609

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: MagnusBilling versions through 7.3.0

Description: The issue is improper neutralization of input during web page generation in MagnusSolution MagnusBilling login logging, which allows unauthenticated users to store HTML content in the log. This can lead to cross-site scripting. The vulnerability is associated with the program file protected/components/MagnusLog.Php and is reachable through the "/mbilling/index.php/logUsers/read" API endpoint.

Recommendations: For versions through 7.3.0, update to a version that includes a fix for this issue to prevent cross-site scripting attacks. As a temporary workaround, restrict access to the "/mbilling/index.php/logUsers/read" API endpoint to reduce the risk of exploitation. Restricting use of the MagnusLog.Php component until a patch is available also helps mitigate the risk.

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2025-2609

Affected Products: Magnusbilling