CVE-2020-35395

Published: Dec 15, 2020Modified: Jun 17, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field

Affected (1)

Products: Egavilanmedia: Expense Management System

Egavilanmedia

1 product

Expense Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Egavilanmedia Expense Management System	Version 1.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://nikhilkumar01.medium.com/cve-2020-35395-cd393ac8371c

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/49146

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://nikhilkumar01.medium.com/cve-2020-35395-cd393ac8371c

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/49146

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.