Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jorani Project Subscribe
Filtered by product Jorani
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-48118 1 Jorani Project 1 Jorani 2023-02-03 N/A 6.1 MEDIUM
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.
CVE-2022-34134 1 Jorani Project 1 Jorani 2022-07-06 6.8 MEDIUM 8.8 HIGH
Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
CVE-2022-34133 1 Jorani Project 1 Jorani 2022-07-06 4.3 MEDIUM 6.1 MEDIUM
Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.
CVE-2022-34132 1 Jorani Project 1 Jorani 2022-07-06 7.5 HIGH 9.8 CRITICAL
Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.
CVE-2018-15918 1 Jorani Project 1 Jorani 2022-07-05 5.5 MEDIUM 5.4 MEDIUM
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
CVE-2018-15917 1 Jorani Project 1 Jorani 2022-07-05 3.5 LOW 5.4 MEDIUM
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.