Jorani Project: >> Jorani >> 0.6.5 Security Vulnerabilities
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.
CVSS Score
5.4
EPSS Score
0.008
Published
2018-09-05
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-09-05