3 matches found
CVE-2023-5286
The CVE-2023-5286 entry affects SourceCodester Expense Tracker App v1, specifically the Category Handler’s add_category.php where manipulating the category_name parameter causes cross-site scripting (XSS). Descriptions across multiple sources confirm remote exploitation potential and public discl...
CVE-2023-44048
Sourcecodester Expense Tracker App v1 is reported vulnerable to Cross Site Scripting (XSS) via the add category action (CVE-2023-44048). The CVSS base score is 5.4 (Medium) with network attack vector, low privileges required, user interaction required, and scope changed; impact is limited to conf...
CVE-2022-45033
CVE-2022-45033 refers to an XSS vulnerability in Expense Tracker 1.0 that enables an attacker to inject and execute arbitrary web scripts or HTML via the Chat text field. The root cause is improper input sanitization in the Chat field, enabling script execution in the victim’s browser. Affected s...