Reflected Cross-Site Scripting Vulnerability in Daily Expense Manager from Daily Expense Manager Inc.
CVE-2025-40734

5.1MEDIUM

Key Information:

Vendor: Daily Expense Manager
Status: Daily Expense Manager
Vendor: CVE Published:; 30 June 2025

🔔 Create Daily Expense Manager Vulnerability Alert

What is CVE-2025-40734?

A reflected Cross-Site Scripting vulnerability exists in Daily Expense Manager v1.0. This flaw allows an attacker to execute arbitrary JavaScript code by manipulating the POST request parameters, specifically through 'password' and 'confirm_password' during the registration process via /register.php. Successful exploitation could lead to unauthorized actions on behalf of users or access to sensitive user data.

Affected Version(s)

Daily Expense Manager 1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Rafael Pedrero