Vulnerability Summary: BichitroGan ISP Billing Software 2025.3.20 Cross-Site Scripting Vulnerability Overview Vulnerability Name: BichitroGan ISP Billing Software 2025.3.20 Profile Page users-view Cross-Site Scripting (XSS) CVE ID: CVE-2026-6623 CVSS v3 Score: 2.4 (Low) Vulnerability Type: Stored Cross-Site Scripting (XSS) Discovery Source: GitHub project Submission Date: April 19, 2026 Status: Unpatched, vendor has not responded Impact Scope Affected Product: BichitroGan ISP Billing Software 2025.3.20 Affected Component: in Attack Method: Remote attack, no user interaction required Exploitation Difficulty: Easy Impact: May lead to cross-site scripting attacks affecting other users Remediation Current Status: No known mitigations Recommendation: Consider replacing the affected product Vendor Response: No response Technical Details CWE Classification: CWE-79 (Cross-Site Scripting), CWE-34 (Reflected XSS), CWE-74 (Injection) MITRE ATT&CK: T1190.007 Vector: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Confidentiality: No impact - Integrity: No impact - Availability: No impact Timeline 2026-04-19: Vulnerability disclosed 2026-04-19: VulDB entry created 2026-04-19: VulDB entry last updated Source Information GitHub: https://github.com Status: Undefined --- Note: This vulnerability currently has no publicly available proof-of-concept (POC), but remote exploitation is possible.