CVE-2021-41434

A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt