CVE-2025-12231 MEDIUM

CVE-2025-12231: projectworlds Expense Management System Expense Categories create cross site scripting

Vendor Projectworlds
Product Expense Management System
Weakness CWE-79 · XSS
Published October 27, 2025
Last update February 24, 2026
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in projectworlds Expense Management System 1.0. Affected is an unknown function of the file /public/admin/expense_categories/create of the component Expense Categories Page. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Key dates

02Disclosure timeline

October 27, 2025 CVE published
February 24, 2026 Record updated