CVE-2026-6623: Cross-Site Scripting Vulnerability in BichitroGan ISP Billing Software

Severity: Medium (Score: 51.1)

Sources: cve.report, exploit-intel.com, nvd.nist.gov

Summary

A security flaw identified as CVE-2026-6623 affects BichitroGan ISP Billing Software version 2025.3.20. The vulnerability is located in an unknown function of the file /?_route=settings/users-view/ within the Profile Page Handler component. It allows for cross-site scripting (XSS) attacks that can be executed remotely. Despite early notification, the vendor has not responded to the disclosure. The CVSS score for this vulnerability is 4.0, indicating a medium severity level. This flaw could potentially expose users to unauthorized actions on their profiles. Currently, there is no patch or mitigation available. Security professionals are advised to monitor for any exploitation attempts. The vulnerability has been officially published in the CVE List as of April 20, 2026.

Key Points

  • CVE-2026-6623 affects BichitroGan ISP Billing Software version 2025.3.20.
  • The vulnerability allows for remote cross-site scripting attacks.
  • The vendor has not responded to the disclosure of this security flaw.

Key Entities

  • XSS (vulnerability)
  • CVE-2026-6623 (cve)
  • CWE-79 - Cross-site Scripting (XSS) (cwe)
  • CWE-94 - Code Injection (cwe)