Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
|  | 2 | 9 | 0 | 49.2% | CRITICAL |

Related CVEs

9
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2025-67102 | A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter. | HIGH | 7.6 |  | 12.5% | Feb 17, 2026 |
| CVE-2023-48205 | Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. | MEDIUM | 5.3 |  | 50.5% | Dec 7, 2023 |
| CVE-2023-45540 | An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. | MEDIUM | 6.5 |  | 39.9% | Oct 16, 2023 |
| CVE-2023-2681 | An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the "id" parameter, managing to extract arbitrary information from the database. | HIGH | 8.8 |  | 43.2% | Oct 3, 2023 |
| CVE-2023-26469 | In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server. | CRITICAL | 9.8 |  | 99.6% | Aug 17, 2023 |
| CVE-2022-48118 | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. | MEDIUM | 6.1 |  |  | Jan 27, 2023 |
| CVE-2022-34134 | Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | HIGH | 8.8 |  |  | Jun 28, 2022 |
| CVE-2022-34133 | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | MEDIUM | 6.1 |  |  | Jun 28, 2022 |
| CVE-2022-34132 | Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | CRITICAL | 9.8 |  |  | Jun 28, 2022 |