Expense management system
This hub aggregates every CVE we track for Expense management system, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 12
- Critical: 1
- High: 2
- In CISA KEV: 0
Severity distribution
LOW: 5, MEDIUM: 4, HIGH: 2, CRITICAL: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 12 most recently published vulnerabilities affecting Expense management system.
- CVE-2025-12231: projectworlds Expense Management System Expense Categories create cross site scripting (score: 2.4)
- CVE-2025-12230: projectworlds Expense Management System Currency create cross site scripting (score: 2.4)
- CVE-2025-12229: projectworlds Expense Management System Roles Page create cross site scripting (score: 2.4)
- CVE-2025-12228: projectworlds Expense Management System Users Page create cross site scripting (score: 2.4)
- CVE-2025-6478: CodeAstro Expense Management System cross-site request forgery (score: 4.3)
- CVE-2024-1031: CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting (score: 3.5)
- CVE-2023-44824: An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. (score: 7.8)
- CVE-2021-41434: A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php. (score: 5.4)
- CVE-2022-36754: Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. (score: 7.2)
- CVE-2022-2688: SourceCodester Expense Management System POST Parameter report.php fetch_report_credit sql injection (score: 6.3)
- CVE-2021-44098: EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. (score: 9.8)
- CVE-2020-35395: XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field (score: 6.1)
Product normalization is registry-driven with AI assist and human review.