CVE-2023-1688

Name of the Vulnerable Software and Affected Versions SourceCodester Earnings and Expense Tracker App version 1.0

Description A problematic vulnerability has been found in the software, affecting an unknown part of the file, specifically the "Master.php?a=save expense" endpoint. The manipulation of the name argument leads to cross-site scripting. It is possible to initiate the attack remotely.

Recommendations For version 1.0, consider disabling the save expense functionality in the Master.php file until a patch is available. Restrict access to the "Master.php?a=save expense" endpoint to minimize the risk of exploitation. Avoid using the name argument in the affected endpoint until the issue is resolved.