VYPR

Expense-Management-System

by EGavilan Media

CVEs (2)

  • CVE-2021-44098CriJun 2, 2022
    risk 0.64cvss 9.8epss 0.01

    EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database.

  • CVE-2020-35395MedDec 15, 2020
    risk 0.40cvss 6.1epss 0.01

    XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field