CVE-2026-6624

BichitroGan ISP Billing Software Pool List add cross site scripting

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79 CWE-94

A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\_route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Productos afectados

BichitroGan · ISP Billing Software

PoCs públicas encontradas — 1

cve_referencegithub.com/4m3rr0r/PoCVulDb/issues/16no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/4m3rr0r/PoCVulDb/issues/16 https://vuldb.com/submit/792395 https://vuldb.com/vuln/358259 https://vuldb.com/vuln/358259/cti