
125 matches found

Nuclei
added 14 hours ago, 63 views

Jorani Leave Management System 0.6.5 - Cross-Site Scripting

Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. id: CVE-2018-15917 info: name: Jorani Leave Management System 0.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

CVSS 5.4, AI score 6.2, EPSS 0.06483
Exploits: 5, References: 4
Nuclei
added 14 hours ago, 323 views

Jorani 1.0.0 - Remote Code Execution

Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server. id: CVE-2023-26469 info: name: Jorani 1.0.0 - Remote Code Execution author: pussycat0x severity: critical description: | Jorani 1.0.0, an attacker could leverage path traversal to access files...

CVSS 9.8, AI score 7.4, EPSS 0.81918
Exploits: 5, References: 5
RedhatCVE
added 2026/02/18 1:41 a.m., 11 views

CVE-2025-67102

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...

CVSS 7.6, AI score 6.2, EPSS 0.00221
Exploits: 1, References: 1
OSV
added 2026/02/17 8:22 p.m., 2 views

CVE-2025-67102

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...

CVSS 7.6, AI score 6.1
Exploits: 0, References: 2
NVD
added 2026/02/17 8:22 p.m., 7 views

CVE-2025-67102

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...

CVSS 7.6, EPSS 0.00221
Exploits: 1, References: 2
Positive Technologies
added 2026/02/17 12:0 a.m., 4 views

PT-2026-20260

Name of the Vulnerable Software and Affected Versions Jorani versions prior to 1.0.5 Description A SQL injection issue exists in the alldayoffs feature of the software. An authenticated attacker can execute arbitrary SQL commands through the entity parameter. Recommendations Update to version 1.0...

CVSS 7.6, AI score 6.1, EPSS 0.00221
Exploits: 1, References: 8
Cvelist
added 2026/02/17 12:0 a.m., 25 views

CVE-2025-67102

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...

EPSS 0.00221
Exploits: 1, References: 2
CVE
added 2026/02/17 12:0 a.m., 12 views

CVE-2025-67102

Jorani versions up to 1.0.4 contain a SQL injection vulnerability in the alldayoffs feature, exploitable by an authenticated attacker via the entity parameter to execute arbitrary SQL commands. Multiple sources (Red Hat, CVE listings, PT-Security advisory) concur that the issue stems from imprope...

CVSS 7.6, AI score 6.2, EPSS 0.00221
Exploits: 1, References: 2, Affected Software: 1
ATTACKERKB
added 2026/02/17 12:0 a.m., 6 views

CVE-2025-67102

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...

AI score 6.2, EPSS 0.00221
Exploits: 1, References: 3
Vulnrichment
added 2026/02/17 12:0 a.m., 2 views

CVE-2025-67102

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter...

AI score 6, EPSS 0.00221
Exploits: 1, References: 2
CNNVD
added 2026/02/17 12:0 a.m., 6 views

Jorani Security Vulnerability

Jorani is a vacation management system developed by Benjamin BALET of France. It aims to provide small organizations with a simple workflow for vacation and overtime requests. Jorani versions 1.0.4 and earlier contained security vulnerabilities, which were caused by improper handling of entity...

CVSS 7.6, AI score 5.9, EPSS 0.00221
Exploits: 1, References: 2
RedhatCVE
added 2026/01/09 12:35 p.m., 8 views

CVE-2023-45540

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...

CVSS 6.5, AI score 7.5, EPSS 0.00515
Exploits: 1, References: 1
RedhatCVE
added 2025/12/16 8:44 p.m., 3 views

CVE-2023-53870

Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information...

CVSS 5.1, AI score 6.1, EPSS 0.003
Exploits: 0, References: 1
NVD
added 2025/12/15 9:15 p.m., 3 views

CVE-2023-53870

Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information...

CVSS 5.1, EPSS 0.003
Exploits: 0, References: 3
Vulnrichment
added 2025/12/15 8:28 p.m., 2 views

CVE-2023-53870 Jorani 1.0.3 Cross-Site Scripting Vulnerability via Language Parameter

Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information...

CVSS 5.1, AI score 5.7, EPSS 0.003
Exploits: 0, References: 3
Cvelist
added 2025/12/15 8:28 p.m., 18 views

CVE-2023-53870 Jorani 1.0.3 Cross-Site Scripting Vulnerability via Language Parameter

Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information...

CVSS 5.1, EPSS 0.003
Exploits: 0, References: 3
CVE
added 2025/12/15 8:28 p.m., 6 views

CVE-2023-53870

CVE-2023-53870 concerns Jorani 1.0.3, which has a reflected XSS vulnerability in the language parameter. An attacker can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information. Public sources in the connected documents consisten...

CVSS 5.1, AI score 5.7, EPSS 0.003
Exploits: 0, References: 3
CNNVD
added 2025/12/15 12:0 a.m., 3 views

Jorani Cross-Site Scripting Vulnerability

Jorani is a leave management system by Benjamin BALET, an individual developer in France. It is intended to provide a simple workflow for leave and overtime requests for small organizations. A cross-site scripting vulnerability exists in Jorani version 1.0.3, which stems from the presence of...

CVSS 5.1, AI score 6.4, EPSS 0.003
Exploits: 0, References: 4
Positive Technologies
added 2025/12/15 12:0 a.m., 4 views

PT-2025-51288

Name of the Vulnerable Software and Affected Versions Jorani version 1.0.3 Description The software contains a reflected cross-site scripting issue in the language parameter. An attacker can inject malicious scripts by crafting XSS payloads within this parameter, potentially enabling the executio...

CVSS 5.1, AI score 6.1, EPSS 0.003
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-7774

Malware in sbrugna...

CVSS 5.5, AI score 5.4, EPSS 0.02871
Exploits: 5, References: 5