CVE-2024-1031 LOW

CVE-2024-1031: CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting

Vendor Codeastro

Product Expense Management System

Weakness CWE-79 · XSS

Published January 30, 2024

Last update June 11, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304.

Key dates

02Disclosure timeline

January 30, 2024 CVE published

June 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-1031

Related vulnerabilities

04Related CVE

CVE-2022-45839 WordPress WHA Puzzle Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS) CVE-2023-45056 WordPress Open User Map | Everybody can add locations Plugin <= 1.3.26 is vulnerable to Cross Site Scripting (XSS) CVE-2025-0601 Stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x CVE-2025-1491 WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play_timeout Parameter CVE-2025-60141 WordPress The Tribal Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability