CVE-2025-40733
CVE-2025-40733 is a reflected XSS vulnerability in Daily Expense Manager v1.0. The issue arises from insufficient filtering/escaping of user-supplied data in the POST parameter username of /login.php, allowing an attacker to execute JavaScript when a user interacts with the login flow. Multiple s...
CVE-2025-40731
CVE-2025-40731 is a SQL injection vulnerability in Daily Expense Manager v1.0 affecting the /update.php endpoint, exploitable via the pname, pprice and id parameters. The vulnerability allows an attacker to retrieve, create, update and delete databases as described in the cited sources. Affected ...
CVE-2025-40732
CVE-2025-40732 affects Daily Expense Manager v1.0. The issue is a user-enumeration vulnerability caused by an unvalidated name parameter in /check.php, exploitable via a POST request containing the name parameter. Mitigation suggestions from connected sources include restricting access to /check....
CVE-2025-40734
Daily Expense Manager (version 1.0) is affected by a Reflected XSS flaw in /register.php, exploitable via POST parameters password and confirm_password. The root cause is insufficient input filtering/escaping of user-supplied data, enabling execution of injected JavaScript. Documented impact is a...