CVE-2021-41434

Name of the Vulnerable Software and Affected Versions Expense Management System version 1.0

Description A stored Cross-Site Scripting (XSS) issue exists in the Expense Management System application, allowing for arbitrary execution of JavaScript commands through the "index.php" endpoint. This enables potential attackers to execute malicious scripts.

Recommendations For version 1.0, consider disabling access to the "index.php" endpoint until a patch is available to prevent exploitation of the stored XSS issue. Restricting user input validation and sanitization can also help minimize the risk of arbitrary JavaScript command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.