cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-26303,https://securityvulnerability.io/vulnerability/CVE-2021-26303,Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System,The PHPGurukul Daily Expense Tracker System version 1.0 contains a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts via the 'Full Name' field in the user profile section. This flaw can lead to unauthorized actions on behalf of legitimate users or exposure of sensitive information. Proper validation and sanitization of user input are essential to mitigate this risk.,PHPgurukul,Daily Expense Tracker System,6.1,MEDIUM,0.009359999559819698,false,,false,false,false,,,false,false,,2021-01-29T01:48:27.000Z,0
CVE-2021-26304,https://securityvulnerability.io/vulnerability/CVE-2021-26304,Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System,"The Daily Expense Tracker System 1.0 from PHPGurukul is susceptible to a stored cross-site scripting (XSS) vulnerability through the Item parameter in add-expense.php. This flaw allows attackers to inject malicious scripts, potentially compromising user sessions and data integrity.",PHPgurukul,Daily Expense Tracker System,5.4,MEDIUM,0.0012600000482052565,false,,false,false,false,,,false,false,,2021-01-29T01:48:15.000Z,0
CVE-2020-10107,https://securityvulnerability.io/vulnerability/CVE-2020-10107,,"PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php.",PHPgurukul,Daily Expense Tracker System,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2020-03-05T12:43:08.000Z,0
CVE-2020-10106,https://securityvulnerability.io/vulnerability/CVE-2020-10106,,"PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt.",PHPgurukul,Daily Expense Tracker System,9.8,CRITICAL,0.004699999932199717,false,,false,false,false,,,false,false,,2020-03-05T12:42:22.000Z,0