Fossbilling CVEs and Security Vulnerabilities

Filtered by vendor Fossbilling Subscriptions

Filtered by product Fossbilling Subscriptions

Search

Switch to Advanced Search (Beta)

Total 13 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-43924	1 Fossbilling	1 Fossbilling	2026-06-03	N/A
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect targets, creating an open redirect vulnerability exploitable for phishing attacks. Users following a legitimate FOSSBilling URL can be silently redirected to an attacker-controlled external site. The redirect is issued as a 301 (Moved Permanently) response, which browsers cache persistently, amplifying the impact. Exploitation requires administrator privileges to create or modify redirect entries, limiting practical attack scenarios to multi-admin environments or compromised admin accounts. Version 0.8.0 fixes the issue. Some workarounds are available. Restrict admin access to the Redirect module to trusted administrators only and/or audit existing redirect entries in the database (the `extension_meta` table with `extension = 'mod_redirect'`) for any unexpected or external target URLs.
CVE-2023-3227	1 Fossbilling	1 Fossbilling	2025-01-02	5.7 Medium
Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.
CVE-2023-3228	1 Fossbilling	1 Fossbilling	2025-01-02	5.7 Medium
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
CVE-2023-3229	1 Fossbilling	1 Fossbilling	2025-01-02	6.5 Medium
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
CVE-2023-3230	1 Fossbilling	1 Fossbilling	2025-01-02	7.5 High
Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.
CVE-2023-4005	1 Fossbilling	1 Fossbilling	2024-11-21	9.8 Critical
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
CVE-2023-3568	2 Alextselegidis, Fossbilling	2 Easyappointments, Fossbilling	2024-11-21	6.3 Medium
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-3521	1 Fossbilling	1 Fossbilling	2024-11-21	6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.
CVE-2023-3493	1 Fossbilling	1 Fossbilling	2024-11-21	8.0 High
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVE-2023-3491	1 Fossbilling	1 Fossbilling	2024-11-21	8.8 High
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVE-2023-3490	1 Fossbilling	1 Fossbilling	2024-11-21	9.8 Critical
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVE-2023-3394	1 Fossbilling	1 Fossbilling	2024-11-21	5.4 Medium
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
CVE-2023-3393	1 Fossbilling	1 Fossbilling	2024-11-21	7.2 High
Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.

Page 1 of 1.