Security Flaw Identified in Projectworlds PHP Application
A security vulnerability has been documented in "Expense Management System in php free download", a product from Projectworlds. The issue is tracked in the Japan Vulnerability Notes (JVN) database under the identifier JVNDB-2025-017611.
The identified weakness is a cross-site scripting (XSS) vulnerability. It is classified under Common Weakness Enumeration category CWE-79, which covers the improper neutralization of input during web page generation.
Vulnerability Impact and Details
According to the public advisory, this cross-site scripting vulnerability allows an arbitrary script to be executed in the web browser of a user who is logged into the system. The report does not specify which versions of the Expense Management System are affected, nor does it provide information on countermeasures from the developer.
Source: http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2025-017611_AD_1.html