CVE-2025-2610
📋 TL;DR
An authenticated stored cross-site scripting (XSS) vulnerability in the Alarm Module of MagnusBilling allows an attacker with a valid account to store script in alarm data that executes in the browsers of other users who view the affected pages. MagnusBilling versions up to and including 7.3.0 are affected. The vulnerable code is in protected/components/MagnusLog.Php.
💻 Affected Systems
- MagnusSolution MagnusBilling
📦 What is this software?
MagnusBilling, by MagnusSolution, is an open-source VoIP billing and call-management platform built around Asterisk; its web interface is used by administrators, agents and customers, which is why stored XSS in a shared module matters.
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could steal session cookies (where the session cookie lacks the HttpOnly flag), perform actions in the application as the victim, including an administrator who views the alarm page, redirect victims to attacker-controlled sites, or use the victim's browser as a foothold for further attacks.
Likely Case
An attacker with an account could hijack the sessions of other users, harvest credentials through injected forms, or deface Alarm Module pages seen by other users.
If Mitigated
With proper output encoding of the stored alarm data, an injected script is rendered as literal text rather than executed. Input validation is a secondary control here: because the XSS is stored, data that bypasses validation once stays dangerous until the output side encodes it.
🎯 Exploit Status
Exploitation requires an authenticated account and knowledge of the vulnerable input. Because the XSS is stored, the attacker does not need to lure the victim to a crafted link, only wait for another user to view the affected page. The vulnerability details are publicly disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any build containing commit f0f083c76157e31149ae58342342fb1bf1629e22 (no tagged release is named)
Vendor Fix Commit: https://github.com/magnussolution/magnusbilling7/commit/f0f083c76157e31149ae58342342fb1bf1629e22
Restart Required: No
Instructions:
1. Update MagnusBilling to a build that includes commit f0f083c76157e31149ae58342342fb1bf1629e22.
2. If a full update is not possible, apply the patch from that GitHub commit, which adds input sanitization to MagnusLog.Php.
3. Verify the fix by testing the input fields in the Alarm Module as described under How to Verify, and review existing alarm records for script markers, since the patch does not clean payloads already stored.
🔧 Temporary Workarounds
Web Application Firewall (WAF) for input validation
Deploy a WAF with XSS rules to filter script payloads before they reach the application. Treat this as a stopgap: WAF rules can be bypassed with encoding and tag variations, and they do nothing about payloads already stored in the database.
Content Security Policy (CSP)
Add a strict CSP header that disallows inline scripts and restricts script sources to the application's own origin. A policy that includes 'unsafe-inline' does not stop stored XSS, so first run the policy in report-only mode to find any inline scripts the UI depends on before enforcing it.
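As an added illustration of the CSP workaround (not MagnusBilling's configuration; it assumes the application is fronted by nginx, and /csp-report is a hypothetical endpoint you would have to provide), ship the policy in report-only mode first, review the violation reports, then switch to the enforcing header:

```nginx
# Stage 1: observe. Browsers report violations but still run the page.
add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-report" always;

# Stage 2: enforce, once the reports show no inline-script violations the UI needs.
# add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'" always;
```

If the reports show the UI relies on inline scripts, add per-response nonces rather than 'unsafe-inline': with 'unsafe-inline' present, a stored `<script>` block injected through the Alarm Module runs just as it does without the header.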
🧯 If You Can't Patch
- Restrict access to the Alarm Module to only trusted, necessary users using role-based access controls.
- Apply output encoding manually in MagnusLog.Php: pass the alarm fields through htmlspecialchars() with ENT_QUOTES at the point where they are written into HTML, so the same data is safe in both element and attribute contexts. Also review alarm records already in the database for script markers, since encoding on output does not remove what an attacker stored earlier.
🔍 How to Verify
Check if Vulnerable:
MagnusBilling 7.3.0 or earlier without commit f0f083c76157e31149ae58342342fb1bf1629e22 is vulnerable. Confirm by checking whether your checkout contains that commit (for example `git branch --contains f0f083c76157e31149ae58342342fb1bf1629e22`) and whether MagnusLog.Php encodes alarm data before writing it into HTML.
Check Version:
Check the MagnusBilling version in the admin interface or configuration files.
Verify Fix Applied:
Test the Alarm Module input fields with an XSS payload carrying a unique marker (e.g. <script>alert('test-2025-2610')</script>), then view the page as another user and inspect the page source: the marker must appear as &lt;script&gt; or be rejected, not as a live tag. Delete the test record afterwards so the marker does not remain as stored content.
📡 Detection & Monitoring
Log Indicators:
- Script tags, event-handler attributes (onerror=, onload=) or javascript: URLs in Alarm Module records or application logs; a burst of failed logins followed by alarm edits from the same account or IP address.
Network Indicators:
- HTTP requests to the Alarm Module carrying script tags or JavaScript in parameters, in the query string or the POST body. MagnusLog.Php is a server-side component under protected/, not a request path, so requests will not name it directly.
SIEM Query:
Search for POST/GET requests to the Alarm Module's request paths with parameters containing <script>, javascript:, or eval(), and also match URL-encoded and double-encoded forms of those markers. Do not key the query on */protected/components/MagnusLog.Php: that path is never requested by clients. Standard access logs record only the query string, so capture POST bodies at the WAF or reverse proxy if the module submits data by POST.
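As an added example for the query above (not MagnusBilling code or a vendor-supplied rule), the script below applies the same markers to combined-format access-log lines, URL-decodes each parameter repeatedly so double-encoded payloads are caught, and reports which parameter matched. The /index.php/alarm/... paths and all log lines are constructed for illustration and are not MagnusBilling's real routes; substitute the Alarm Module's actual request paths, and feed POST bodies from a WAF or reverse-proxy log when the module submits data by POST.

```python
"""Scan web-server access-log lines for XSS markers in request parameters.

Added example for this advisory, not code from MagnusBilling. Assumes a
combined-format access log; the request paths and log lines below are
constructed, not real MagnusBilling routes.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Markers from the SIEM query above plus the common tag and handler variants.
XSS_MARKERS = re.compile(
    r"<\s*script\b|javascript\s*:|\beval\s*\(|\bon[a-z]+\s*=|<\s*(?:img|svg|iframe)\b",
    re.IGNORECASE,
)

# Combined-log request line: ip ident user [ts] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_param(value, rounds=3):
    """Undo double or triple URL encoding, a common filter-evasion trick."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target):
    """Return [(name, decoded value)] for query parameters carrying a marker."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = decode_param(value)  # parse_qsl already decoded one layer
        if XSS_MARKERS.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Yield one alert per log line whose parameters match an XSS marker."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log request line
        hits = suspicious_params(m["target"])
        if hits:
            yield {
                "ip": m["ip"],
                "user": m["user"],
                "method": m["method"],
                "path": urlsplit(m["target"]).path,
                "params": hits,
            }


# Constructed sample lines; the /index.php/alarm/... paths are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - admin [10/Apr/2025:10:00:01 +0000] "GET /index.php/alarm/read?page=1&limit=25 HTTP/1.1" 200 512',
    '10.0.0.9 - admin [10/Apr/2025:10:00:07 +0000] "POST /index.php/alarm/save?description=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 88',
    '10.0.0.9 - admin [10/Apr/2025:10:00:12 +0000] "POST /index.php/alarm/save?description=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 88',
    '10.0.0.7 - ops [10/Apr/2025:10:01:30 +0000] "POST /index.php/alarm/save?description=Night+shift+escalation&url=javascript%3Aalert(document.cookie) HTTP/1.1" 200 88',
    '10.0.0.5 - admin [10/Apr/2025:10:02:00 +0000] "GET /index.php/alarm/read?page=2&limit=25 HTTP/1.1" 200 497',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Running it against the sample yields three alerts: the plain `<script>` payload, the double-encoded `<img onerror>` payload that a single-decode rule would miss, and the `javascript:` URL hidden in a second parameter of an otherwise benign-looking request. Tune the marker list to your traffic; the event-handler pattern is the one most likely to need exceptions.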