RSS   Vulnerabilities for 'Jorani'   RSS

2018-09-05
 
CVE-2018-15918

CWE-89
 

 
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.

 
 
CVE-2018-15917

CWE-79
 

 
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.

 

 >>> Vendor: Jorani 2 Products
Jorani
Leave management system


Copyright 2024, cxsecurity.com

 

Back to Top