CVE-2018-15917 Scanner

The Jorani Leave Management System is a web-based application designed to simplify the employee leave management process. It allows organizations to manage employee vacation requests, sick leave, personal leave, and other types of leave that employees can request. The software simplifies the management of large numbers of requests, reducing the administrative burden on HR staff.

CVE-2018-15917 is a vulnerability detected in Jorani version 0.6.5, which allows attackers to inject arbitrary web script or HTML via the language parameter to the session/language field. This means that attackers can enter malicious code into the system, which can then execute upon delivery to the users of the application.

When exploited, this vulnerability can lead to sensitive data being compromised, such as financial, personal, or confidential company information. It could potentially expose user data or credentials, compromising your system's security. Attackers could use the vulnerability to escalate privileges or conduct phishing attacks.

Thanks to the pro features of Securityforeveryone.com, you can quickly and easily learn about vulnerabilities in your digital assets. This platform can help you stay informed about new security threats and get notified when vulnerabilities are detected, allowing you to take a proactive approach to protecting your business. With this platform, you can be confident that your data is secure and your systems are protected from cyber threats.

REFERENCES

• exploit-db.com: 45338 
• https://github.com/bbalet/jorani/issues/254 
• https://hackpuntes.com/cve-2018-15917-jorani-leave-management-system-0-6-5-cross-site-scripting-persistente/