MidnightBSD

Advisories for jorani_project

CVE-2018-15917 LOW

Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
jorani_project jorani 0.6.5
CVE-2018-15918 MEDIUM

An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
jorani_project jorani 0.6.5
CVE-2022-48118

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.

Products Affected

Vendor Product Version
jorani_project jorani 1.0.0