Enviar #792395: BichitroGan ISP Billing System 2025.3.20 Stored Cross-Site Scripting (XSS)información

TítuloBichitroGan ISP Billing System 2025.3.20 Stored Cross-Site Scripting (XSS)
DescripciónThe application allows administrators to create network pools using the Pool Name field. This input is stored in the database without proper validation or sanitization. When the stored value is later displayed in the Pool List interface, it is rendered directly into HTML without escaping, allowing execution of Iinjected JavaScript.
Fuente⚠️ https://github.com/4m3rr0r/PoCVulDb/issues/16
Usuario
 4m3rr0r (UID 85795)
Sumisión2026-03-29 15:02 (hace 28 días)
Moderación2026-04-19 18:32 (21 days later)
EstadoAceptado
Entrada de VulDB358259 [BichitroGan ISP Billing Software 2025.3.20 Pool List Interface /?\_route=pool/add secuencias de comandos en sitios cruzados]
Puntos18

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!