BichitroGan ISP Billing Software Profile users-view cross site scripting

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

Description

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-6623

Source VulDB

Published Apr 20, 2026 at 09:00

Affected Product

Vendor BichitroGan

Product ISP Billing Software

Version 2025.3.20

Affected Versions BichitroGan ISP Billing Software 2025.3.20

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-20T09:00:20.118Z",
    "modified": "2026-04-20T09:00:20.118Z",
    "type": "cve",
    "title": "BichitroGan ISP Billing Software Profile users-view cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/358258\nhttps://vuldb.com/vuln/358258/cti\nhttps://vuldb.com/submit/792394\nhttps://github.com/4m3rr0r/PoCVulDb/issues/17",
    "id": "CVE-2026-6623",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "BichitroGan ISP Billing Software 2025.3.20",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ISP Billing Software",
    "version": "2025.3.20",
    "vendor": "BichitroGan",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

BichitroGan ISP Billing Software Profile users-view cross site scripting_CVE-2026-6623