Jorani

jorani

9 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Leave Management System

leave_management_system

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-67102 1Jorani 1Jorani Apr 3, 2026 Feb 17, 2026 N/A· v4 7.6 HIGH· v3 N/A· v2 A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter.
CVE-2023-48205 1Jorani 1Leave Management System Nov 21, 2024 Dec 7, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.
CVE-2023-45540 1Jorani 1Leave Management System Nov 21, 2024 Oct 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.
CVE-2023-2681 1Jorani 1Jorani Nov 21, 2024 Oct 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path a...Show more An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.Show less
CVE-2023-26469 1Jorani 1Jorani Nov 21, 2024 Aug 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
CVE-2022-48118 1Jorani 1Jorani Mar 28, 2025 Jan 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.
CVE-2022-34134 1Jorani 1Jorani Mar 30, 2026 Jun 28, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
CVE-2022-34133 1Jorani 1Jorani Mar 30, 2026 Jun 28, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.
CVE-2022-34132 1Jorani 1Jorani Mar 30, 2026 Jun 28, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.