Expense Management System
Stored cross-site scripting in projectworlds Expense Management System 1.0 allows high-privileged authenticated users to inject malicious scripts via the Expense Categories creation page, affecting other users who view the poisoned content. The vulnerability requires administrator-level access and user interaction (rendering the page), limiting real-world impact despite remote network delivery. Publicly available exploit code exists; EPSS exploitation probability is very low at 0.03%, suggesting this is primarily a proof-of-concept risk rather than an actively exploited threat.
Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows authenticated users with high privileges to inject malicious scripts via the Currency Page create function (/public/admin/currencies/create); the scripts are stored and then served to other users who interact with that page. Exploitation requires user interaction and high-level administrative privileges, resulting in limited real-world risk despite public exploit availability and a low EPSS score.
Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows authenticated high-privilege users to inject malicious scripts via the Roles Page create endpoint (/public/admin/roles/create); the scripts are stored and then served to other users. The vulnerability requires high-privilege authentication and user interaction to trigger, limiting real-world exploitation despite public PoC availability and network accessibility.
Stored cross-site scripting (XSS) in projectworlds Expense Management System 1.0 allows high-privileged authenticated users to inject malicious scripts via the /public/admin/users/create endpoint, which are executed in the browsers of other users viewing the affected page. The vulnerability requires administrator privileges and user interaction (clicking a link), significantly limiting exploitation scope despite remote accessibility and publicly available proof-of-concept code.