Vulnerabilities (CVE)

Filtered by vendor Jorani Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-48205 1 Jorani 1 Leave Management System 2024-11-21 N/A 5.3 MEDIUM
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.
CVE-2023-45540 1 Jorani 1 Leave Management System 2024-11-21 N/A 6.5 MEDIUM
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.
CVE-2023-2681 1 Jorani 1 Jorani 2024-11-21 N/A 8.8 HIGH
An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.
CVE-2023-26469 1 Jorani 1 Jorani 2024-11-21 N/A 9.8 CRITICAL
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
CVE-2022-48118 1 Jorani 1 Jorani 2024-11-21 N/A 6.1 MEDIUM
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.
CVE-2022-34134 1 Jorani 1 Jorani 2024-11-21 6.8 MEDIUM 8.8 HIGH
Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
CVE-2022-34133 1 Jorani 1 Jorani 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.
CVE-2022-34132 1 Jorani 1 Jorani 2024-11-21 7.5 HIGH 9.8 CRITICAL
Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.