ISP Billing Software
Cross-site scripting (XSS) in BichitroGan ISP Billing Software 2025.3.20 allows authenticated high-privilege users to inject malicious scripts via the Pool List Interface (/?_route=pool/add endpoint), affecting data integrity through stored or reflected XSS. The vulnerability requires administrator authentication and user interaction (UI:R), limiting immediate risk; however, publicly available exploit code exists and the vendor has not responded to disclosure, leaving affected deployments without an official patch.
Stored cross-site scripting (XSS) in BichitroGan ISP Billing Software 2025.3.20 allows authenticated high-privilege users to inject malicious scripts via the Profile Page Handler settings/users-view endpoint, affecting subsequent users who view the compromised profile. The vulnerability requires high-privilege authentication and user interaction (page viewing), limiting exploitation scope; however, publicly available proof-of-concept code exists and the vendor has not responded to disclosure attempts.
Stored cross-site scripting (XSS) in BichitroGan ISP Billing Software 2025.3.20 allows authenticated remote attackers with high privileges to inject malicious scripts via the Customer Handler edit endpoint (/?_route=customers/edit/), affecting other users who view manipulated customer records. Exploitation requires user interaction (victim viewing the crafted page), but publicly available exploit code exists and the vendor has not responded to disclosure attempts.
BichitroGan ISP Billing Software 2025.3.20 contains an improper resource identifier control vulnerability in the settings/users-view endpoint that allows authenticated remote attackers to disclose sensitive information via manipulation of the ID parameter. The vulnerability has a CVSS score of 4.3 with publicly available exploit code; the vendor has not responded to disclosure attempts.