
FOSSBilling — Vulnerabilities & Security Advisories (21)

Browse all 21 CVE security advisories affecting FOSSBilling. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FOSSBilling serves as an open-source billing and invoicing platform for web hosting and SaaS businesses. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), privilege escalation flaws, and insecure direct object references. The platform's 11 recorded CVEs highlight recurring issues in input validation, access control, and session management. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests developers should implement strict input sanitization, enforce proper authentication mechanisms, and regularly update the system to mitigate potential exploitation risks.

Top products by FOSSBilling: fossbilling/fossbilling, FOSSBilling
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-43920 | FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution | FOSSBilling | CWE-306 | - | - | 2026-06-25 |
| CVE-2026-33543 | FOSSBilling: Authentication bypass allows unauthenticated administrator creation | FOSSBilling | CWE-288 | - | - | 2026-06-24 |
| CVE-2026-27708 | FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access | FOSSBilling | CWE-284 | - | - | 2026-06-24 |
| CVE-2026-23513 | FOSSBilling: Broken Authorization in Client Transaction and Order Listings | FOSSBilling | CWE-863 | - | - | 2026-06-23 |
| CVE-2025-64105 | FOSSBilling: IDOR Vulnerability in Support Ticket Creation | FOSSBilling | CWE-639 | - | - | 2026-06-23 |
| CVE-2026-27604 | FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions | FOSSBilling | CWE-200 | - | - | 2026-06-23 |
| CVE-2026-28496 | FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE | FOSSBilling | CWE-1336 | - | - | 2026-06-23 |
| CVE-2026-43926 | FOSSBilling's password reset confirmation endpoint lacks rate limiting | FOSSBilling | CWE-204 | - | - | 2026-06-04 |
| CVE-2026-43924 | FOSSBilling has an open redirect via administrator-configured redirect targets | FOSSBilling | CWE-601 | - | - | 2026-06-03 |
| CVE-2026-40495 | FOSSBilling version exposed via asset cache buster | FOSSBilling | CWE-200 | - | - | 2026-06-03 |
| CVE-2023-4005 | Insufficient Session Expiration in fossbilling/fossbilling | fossbilling/fossbilling | CWE-613 | 8.8 | - | 2023-07-31 |
| CVE-2023-3521 | Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling | fossbilling/fossbilling | CWE-79 | 5.4 | - | 2023-07-06 |
| CVE-2023-3493 | Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling | fossbilling/fossbilling | CWE-1236 | 8.0 | - | 2023-06-30 |
| CVE-2023-3491 | Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling | fossbilling/fossbilling | CWE-434 | 8.0 | - | 2023-06-30 |
| CVE-2023-3490 | SQL Injection in fossbilling/fossbilling | fossbilling/fossbilling | CWE-89 | 6.5 | - | 2023-06-30 |
| CVE-2023-3394 | Session Fixation in fossbilling/fossbilling | fossbilling/fossbilling | CWE-384 | 7.6 | - | 2023-06-23 |
| CVE-2023-3393 | Code Injection in fossbilling/fossbilling | fossbilling/fossbilling | CWE-94 | 5.7 | - | 2023-06-23 |
| CVE-2023-3230 | Missing Authorization in fossbilling/fossbilling | fossbilling/fossbilling | CWE-862 | 7.5 | - | 2023-06-14 |
| CVE-2023-3227 | Insufficient Granularity of Access Control in fossbilling/fossbilling | fossbilling/fossbilling | CWE-1220 | 7.1 | - | 2023-06-14 |
| CVE-2023-3228 | Business Logic Errors in fossbilling/fossbilling | fossbilling/fossbilling | CWE-840 | 4.3 | - | 2023-06-14 |
| CVE-2023-3229 | Business Logic Errors in fossbilling/fossbilling | fossbilling/fossbilling | CWE-840 | 4.3 | - | 2023-06-14 |

This page lists every published CVE security advisory associated with FOSSBilling. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.