MagnusSolution MagnusBilling
cpe:2.3:a:magnussolution:magnusbilling:*:*:*:*:*:*:*
- <= 7.3.0
A stored cross-site scripting vulnerability has been identified in MagnusSolution MagnusBilling versions through 7.3.0. It allows unauthenticated users to inject HTML content into the login logs; that content is then executed in the context of an administrator viewing the logs. The vulnerability arises from improper sanitization of usernames during the login process, so injected scripts are stored in the database and later executed when the logs are accessed.
Exploitation of this vulnerability allows for arbitrary execution of JavaScript in the context of an admin user, potentially leading to session hijacking, cross-site request forgery, and compromise of the admin panel.
To reproduce this vulnerability, send a POST request to the authentication login endpoint with a username payload that includes a JavaScript injection, such as an image tag with an error event handler. After the payload is injected and stored in the login logs, it will execute when an admin accesses the log read endpoint.
Users can update to the latest version of MagnusBilling, which includes a patch for this vulnerability. The patch can be found in the official MagnusBilling GitHub repository.
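The root cause described above is a stored username that reaches the log view without output encoding. As an added example (not MagnusBilling's code or its patch), the JavaScript below contrasts unsafe and encoded rendering of a login-log row, adds an allowlist check at login, and flags already-stored rows for review. The field names `username`, `ip`, `at`, the allowlist pattern and the sample rows are assumptions.

```javascript
// Added example: field names (username, ip, at) are hypothetical, not MagnusBilling's schema.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored username is concatenated into markup as-is.
function renderLogRowUnsafe(row) {
  return `<tr><td>${row.username}</td><td>${row.ip}</td><td>${row.at}</td></tr>`;
}

// Hardened pattern: every stored field is encoded at output time.
function renderLogRow(row) {
  const cells = [row.username, row.ip, row.at].map((v) => `<td>${escapeHtml(v)}</td>`);
  return `<tr>${cells.join('')}</tr>`;
}

// Defence in depth at login: refuse to log usernames outside an allowlist.
// The pattern is an assumption; adjust it to the account names a deployment permits.
function isLoggableUsername(name) {
  return typeof name === 'string' && /^[A-Za-z0-9._@-]{1,64}$/.test(name);
}

// Triage helper: flag already-stored log rows whose username contains markup characters.
function findSuspectRows(rows) {
  return rows.filter((row) => /[<>"'&]/.test(String(row.username)));
}

// Constructed sample rows (not real log data).
const SAMPLE_ROWS = [
  { id: 1, username: 'alice', ip: '192.0.2.10', at: '2024-01-01 10:00:00' },
  { id: 2, username: '<img src=x onerror=alert(1)>', ip: '192.0.2.66', at: '2024-01-01 10:05:00' },
  { id: 3, username: 'bob@example.com', ip: '192.0.2.11', at: '2024-01-01 10:07:00' },
];
```

Log entries written before an update may still be in the database, so a check like `findSuspectRows` is worth running over existing rows after patching.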