PT-2022-27380 · Unknown · Expense Tracker
Published
2022-12-15
·
Updated
2023-09-30
·
CVE-2022-45033
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Expense Tracker version 1.0
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
Chat text field.Recommendations
For Expense Tracker version 1.0, consider disabling the
Chat text field until a patch is available to prevent exploitation. Restrict access to this field to minimize the risk of arbitrary script execution.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Expense Tracker