Vulnerabilities > Jorani > Jorani

DATE CVE VULNERABILITY TITLE RISK
2023-10-03 CVE-2023-2681 SQL Injection vulnerability in Jorani 1.0.0
An SQL Injection vulnerability has been found on Jorani version 1.0.0.
network
low complexity
jorani CWE-89
8.8
8.8
2023-08-17 CVE-2023-26469 Path Traversal vulnerability in Jorani 1.0.0
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
network
low complexity
jorani CWE-22
critical
 9.8
9.8
2023-01-27 CVE-2022-48118 Cross-site Scripting vulnerability in Jorani 1.0.0
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.
network
low complexity
jorani CWE-79
6.1
6.1
2022-06-28 CVE-2022-34132 SQL Injection vulnerability in Jorani 1.0.0
Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.
network
low complexity
jorani CWE-89
critical
 9.8
9.8
2022-06-28 CVE-2022-34133 Cross-site Scripting vulnerability in Jorani 1.0.0
Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.
network
low complexity
jorani CWE-79
6.1
6.1
2022-06-28 CVE-2022-34134 Cross-Site Request Forgery (CSRF) vulnerability in Jorani 1.0.0
Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
network
low complexity
jorani CWE-352
8.8
8.8