Jorani 漏洞列表
共找到 8 个与 Jorani 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2018-15917: Jorani Leave Management System 0.6.5 - Cross-Site Scripting POC
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. -
CVE-2023-26469: Jorani 1.0.0 - Remote Code Execution POC
Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server. -
CVE-2018-15917: Jorani Leave Management System 0.6.5 - Cross-Site Scripting POC
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. -
CVE-2023-26469: Jorani 1.0.0 - Remote Code Execution POC
Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server. -
jorani-benjamin-xss: Jorani v1.0.3-2014-2023 Benjamin BALET - Cross-Site Scripting POC
The value of the `language request` parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 75943";alert(1)//569 was submitted in the language parameter. This input was echoed unmodified in the application's response. The attacker can modify the token session and he can discover sensitive information for the server. -
Jorani 1.0.0 log 代码执行漏洞(CVE-2023-26469) 无POC
Jorani是一款开源的员工考勤和休假管理系统,适用于中小型企业和全球化组织,它简化了员工工时记录、休假请求和审批流程,并提供了多语言支持以满足不同地区的需求。在 Jorani 1.0.0 中,攻击者可以利用路径遍历来访问文件并在服务器上执行代码。 -
Jorani CVE-2023-26469 远程代码执行漏洞 无POC
Jorani存在远程代码执行漏洞。此漏洞是由于对用户上传的参数缺乏校验导致的。 -
Jorani远程代码执行漏洞(CVE-2023-26469) 无POC
Jorani是法国Benjamin BALET个人开发者的一个休假管理系统。旨在为小型组织提供简单的休假和加班请求工作流程。 Jorani1.0.0版本存在安全漏洞,该漏洞源于存在路径遍历漏洞。攻击者可利用该漏洞访问文件并在服务器上执行代码。