CVE-2024-1031 – CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1031
A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. • https://docs.qq.com/doc/DYmhqV3piekZ5dlZi https://vuldb.com/?ctiid.252304 https://vuldb.com/?id.252304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-44824
https://notcve.org/view.php?id=CVE-2023-44824
An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. Un problema en Expense Management System v.1.0 permite a un atacante local ejecutar código arbitrario a través de un archivo manipulado subido al componente sign-up.php. • https://abstracted-howler-727.notion.site/CVE-2023-44824-ab76909b4a0e477b87aa8d0ca4aa4ca7 https://abstracted-howler-727.notion.site/Vulnerability-Description-ccc2e6489a0d43859c61a7982e649da1 https://gist.github.com/Muscial/e46c4e4031d25a3684cda124dfc45d96 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-41434
https://notcve.org/view.php?id=CVE-2021-41434
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado en la aplicación Expense Management System versión 1.0, que permite una ejecución arbitraria de comandos JavaScript mediante el archivo index.php • https://egavilanmedia.com/Expense-Management-System https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-41434.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-36754
https://notcve.org/view.php?id=CVE-2022-36754
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. Se ha detectado que Expense Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en /Home/debit_credit_p • https://github.com/mikeccltt/0724/blob/main/ci_ems/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •