GCVE - cpe:2.3:a:egavilanmedia:expense_management

Approved changes feed: RSS · Atom

cpe:2.3:a:egavilanmedia:expense_management_system:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Egavilanmedia (`c107ee59-6c7b-5170-84f2-7742f2c3d696`)
Product	Expense Management System (`d63f99d6-4d5a-5b1b-844c-814114330ce7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/egavilan-media/expense-management-system`	purl2cpe	2026-06-01 10:13:24.795241

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-44098`	vulnerable	2026-06-08 05:36:44.941258	Details available EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. Published: 2022-05-31T23:37:50.000Z Updated: 2024-08-04T04:10:17.349Z Open on db.gcve.eu Reference links https://github.com/EGavilan-Media/Expense-Management-System/issues/1 https://medium.com/%40shubhamvpandey/cve-2021-44098-8dbaced8b854	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-35395`	vulnerable	2026-06-08 05:25:01.065973	Details available XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field Published: 2020-12-15T15:38:55.000Z Updated: 2024-08-04T17:02:08.102Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/49146 https://nikhilkumar01.medium.com/cve-2020-35395-cd393ac8371c	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.