CVE-2025-40733

Name of the Vulnerable Software and Affected Versions: Daily Expense Manager version 1.0

Description: A Reflected Cross-Site Scripting (XSS) issue exists, allowing an attacker to execute JavaScript code. This is achieved by sending a POST request through the username parameter in the "/login.php" API endpoint.

Recommendations: For Daily Expense Manager version 1.0, as a temporary workaround, consider restricting access to the /login.php endpoint until a patch is available. Avoid using the username parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.