Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

fossbilling — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting fossbilling. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FOSSBilling serves as an open-source billing and invoicing platform for web hosting and SaaS businesses. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), privilege escalation flaws, and insecure direct object references. The platform's 11 recorded CVEs highlight recurring issues in input validation, access control, and session management. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests developers should implement strict input sanitization, enforce proper authentication mechanisms, and regularly update the system to mitigate potential exploitation risks.

Top products by fossbilling: fossbilling/fossbilling
CVE IDTitleCVSSSeverityPublished
CVE-2023-4005 Insufficient Session Expiration in fossbilling/fossbilling — fossbilling/fossbillingCWE-613 8.8 -2023-07-31
CVE-2023-3521 Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling — fossbilling/fossbillingCWE-79 5.4 -2023-07-06
CVE-2023-3493 Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling — fossbilling/fossbillingCWE-1236 8.0 -2023-06-30
CVE-2023-3491 Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling — fossbilling/fossbillingCWE-434 8.0 -2023-06-30
CVE-2023-3490 SQL Injection in fossbilling/fossbilling — fossbilling/fossbillingCWE-89 6.5 -2023-06-30
CVE-2023-3394 Session Fixation in fossbilling/fossbilling — fossbilling/fossbillingCWE-384 7.6 -2023-06-23
CVE-2023-3393 Code Injection in fossbilling/fossbilling — fossbilling/fossbillingCWE-94 5.7 -2023-06-23
CVE-2023-3230 Missing Authorization in fossbilling/fossbilling — fossbilling/fossbillingCWE-862 7.5 -2023-06-14
CVE-2023-3229 Business Logic Errors in fossbilling/fossbilling — fossbilling/fossbillingCWE-840 4.3 -2023-06-14
CVE-2023-3228 Business Logic Errors in fossbilling/fossbilling — fossbilling/fossbillingCWE-840 4.3 -2023-06-14
CVE-2023-3227 Insufficient Granularity of Access Control in fossbilling/fossbilling — fossbilling/fossbillingCWE-1220 7.1 -2023-06-14

This page lists every published CVE security advisory associated with fossbilling. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.