Expense-Management-System
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-44098 | Cri | 0.64 | 9.8 | 0.01 | Jun 2, 2022 | EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. | ||
| CVE-2020-35395 | Med | 0.40 | 6.1 | 0.01 | Dec 15, 2020 | XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field |
- risk 0.64cvss 9.8epss 0.01
EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database.
- risk 0.40cvss 6.1epss 0.01
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field