CVE-2026-6624 | BichitroGan ISP Billing Software 2025.3.20 Pool List Interface /?_route=pool/add cross site scripting

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability described as problematic has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?_route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting.

This vulnerability appears as CVE-2026-6624. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6624 | BichitroGan ISP Billing Software 2025.3.20 Pool List Interface /?_route=pool/add cross site scripting

Post correlati

CVE-2024-4591 | DedeCMS 5.7 sys_group_add.php cross-site request forgery

CVE-2024-35170 | Hidden Depth Sticky banner Plugin up to 1.2.0 on WordPress cross site scripting

CVE-2025-40752 | Siemens POWER METER SICAM Q100 2.61 SMTP Service cleartext storage (ssa-529291)

CVE-2023-6251 | Checkmk up to 2.0.0p39/2.1.0p36/2.2.0p14 User-Message cross-site request forgery