CVE-2018-15917

MEDIUM NUCLEI

Jorani - XSS

Title source: rule

Description

Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.

Exploits (1)

exploitdb WORKING POC

by Javier Olmedo · textwebappsphp

https://www.exploit-db.com/exploits/45338

View Code ZIP pw:eip

Nuclei Templates (1)

Jorani Leave Management System 0.6.5 - Cross-Site Scripting

MEDIUMVERIFIEDby ritikchaddha

Shodan: title:"Login - Jorani" || http.favicon.hash:-2032163853

FOFA: icon_hash=-2032163853

References (3)

[Third Party Advisory] https://github.com/bbalet/jorani/issues/254

[Exploit, Third Party Advisory] https://hackpuntes.com/cve-2018-15917-jorani-leave-management-system-0-6-5-cross-site-scripting-persistente/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45338/

Scores

CVSS v3 5.4

EPSS 0.0061

EPSS Percentile 69.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

jorani_project/jorani 0.6.5

Published Sep 05, 2018

Tracked Since Feb 18, 2026