Jorani Project Jorani vulnerabilities
2 known vulnerabilities affecting jorani_project/jorani.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2018-15918P3MEDIUMCVSS 5.4PoCv0.6.52018-09-05
CVE-2018-15918 [MEDIUM] CWE-89 CVE-2018-15918: An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the applicatio
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
nvd
CVE-2018-15917P4MEDIUMCVSS 5.4PoCv0.6.52018-09-05
CVE-2018-15917 [MEDIUM] CWE-79 CVE-2018-15917: Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitr
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.
nvd