
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise the application's SQL database.

• https://github.com/EGavilan-Media/Expense-Management-System/issues/1
• https://medium.com/%40shubhamvpandey/cve-2021-44098-8dbaced8b854
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field.

• https://nikhilkumar01.medium.com/cve-2020-35395-cd393ac8371c
• https://www.exploit-db.com/exploits/49146
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')