CVE-2025-40734

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 87.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Daily Expense Manager Daily Expense ManagerCode-projects Daily Expense Manager
Timeline
PublishedJun 30

Description

Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager2025-06-30
GHSA
GHSA-2223-m5r7-6p5x: Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v12025-06-30
CVE-2025-40734 (MEDIUM CVSS 5.1) | Reflected Cross-Site Scripting (XSS | cvebase.io