Jorani

jorani

Vendor: Jorani • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-67102 1Jorani 1Jorani Apr 3, 2026 Feb 17, 2026 N/A· v4 7.6 HIGH· v3 N/A· v2 A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter.
CVE-2023-2681 1Jorani 1Jorani Nov 21, 2024 Oct 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path a...Show more An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.Show less
CVE-2023-26469 1Jorani 1Jorani Nov 21, 2024 Aug 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
CVE-2022-48118 1Jorani 1Jorani Mar 28, 2025 Jan 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.
CVE-2022-34134 1Jorani 1Jorani Mar 30, 2026 Jun 28, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
CVE-2022-34133 1Jorani 1Jorani Mar 30, 2026 Jun 28, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.
CVE-2022-34132 1Jorani 1Jorani Mar 30, 2026 Jun 28, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.