Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-07	CVE-2023-48205	Injection vulnerability in Jorani Leave Management System 1.0.2 Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. network low complexity jorani CWE-74	5.3
2023-10-16	CVE-2023-45540	Injection vulnerability in Jorani Leave Management System 1.0.3 An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. network low complexity jorani CWE-74	6.5
2023-01-27	CVE-2022-48118	Cross-site Scripting vulnerability in Jorani 1.0.0 Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. network low complexity jorani CWE-79	6.1
2022-06-28	CVE-2022-34133	Cross-site Scripting vulnerability in Jorani 1.0.0 Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. network low complexity jorani CWE-79	6.1