Expense Management System
CVE-2020-35395
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field
AnalysisAI
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field Affected products include: Egavilanmedia Expense Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Expense Management System
View allAn issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploade
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/deb
A vulnerability was found in SourceCodester Expense Management System. Rated critical severity (CVSS 9.8), this vulnerab
A vulnerability was found in CodeAstro Expense Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerabili
Stored cross-site scripting in projectworlds Expense Management System 1.0 allows high-privileged authenticated users to
Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows authenticated users with high pr
Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows authenticated high-privilege use
Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows high-privileged authenticated us
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today