Product
jorani
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-67102
CVE-2023-48205
CVE-2023-45540
CVE-2023-2681
CVE-2023-26469
CVE-2022-48118
CVE-2022-34134
CVE-2022-34133
CVE-2022-34132
CVE-2018-15918
CVE-2018-15917
<= 1.0.4
A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitr
all versions
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.
all versions
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to t
all versions
An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, wit
all versions
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
all versions
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.
all versions
Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
all versions
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controll
all versions
Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.
all versions
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read
all versions
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the