CVEs (2)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Egavilanmedia 1Expense Management System Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. |
1Egavilanmedia 1Expense Management System Jun 17, 2026 Dec 15, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field |