BichiroGan ISP Billing Software 2025.3.20 Stored XSS Vulnerability (CVE-2026-6622)

Vulnerability Overview Vulnerability Name: BichiroGan ISP Billing Software 2025.3.20 Customer edit cross site scripting CVE ID: CVE-2026-6622 CVSS Score: 2.2 (CVSS v3.0) Vulnerability Type: Cross-Site Scripting (XSS) Vulnerability Description: In BichiroGan ISP Billing Software 2025.3.20, cross-site scripting can be triggered by manipulating unknown input. This vulnerability affects the component in the file . An attacker can execute the attack remotely without user interaction. Impact Scope Affected Software: BichiroGan ISP Billing Software 2025.3.20 Affected Component: Affected Functionality: File Attack Conditions: No user interaction required; can be executed remotely Remediation Current Status: No known mitigations Recommended Measures: Replace the affected product with an alternative solution Additional Information Vulnerability Source: GitHub Vulnerability Status: Undefined Vulnerability Timeline: - April 19, 2026: Vulnerability disclosed - April 19, 2026: VulDB entry created - April 19, 2026: VulDB entry last updated Exploit Code Exploit Code: None Vulnerability Scores CVSS v3.0: 2.2 CVSS v2.0: 2.2 CVSS v1.0: 2.2 Vulnerability Classification CPE 2.3: CPE 2.2: Exploitation Information Attack Vector: Network Attack Complexity: Low Authentication Required: None User Interaction: None Scope of Impact: Integrity Physical Impact: None Local Impact: None Remote Impact: Yes Availability: None Access Level: Public Status: Proof-of-concept Download: None Price Prediction: None Current Price Estimate: None Threat Intelligence Interest: None Active Actors: None Active APT Groups: None Mitigations Recommended Measures: No known mitigations Status: None Timeline April 19, 2026: Vulnerability disclosed April 19, 2026: VulDB entry created April 19, 2026: VulDB entry last updated Sources Vulnerability Source: GitHub Status: Undefined Entry Information Creation Time: April 19, 2026 06:37 PM Change Time: April 19, 2026 06:37 PM (157) Completion Time: None Submitter: 4m3rfrfr Cache ID: 5:4E8:109 Submission Information Accepted: Yes Submission Number: #792393 Submission Content: BichiroGan ISP Billing System 2025.3.20 Stored Cross-Site Scripting (XSS) (by 4m3rfrfr) Discussion Comments: None Language: English Advertisement Alexa App: None Footer Copyright: © 1997-2026 vuldb.com Languages: de, es, fr, it, pt, zh, ja, ko, ru, ar Show More: Yes IP Pool: USA20.4.2

Goal Reached Thanks to every supporter — we hit 100%!

BichiroGan ISP Billing Software 2025.3.20 Stored XSS Vulnerability (CVE-2026-6622)