CVE-2018-15917

MEDIUM NUCLEI

Jorani 0.6.5 - Stored Cross-Site Scripting via Language Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15917. PoCs published by Javier Olmedo. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in Jorani Leave Management System 0.6.5. The vulnerability is triggered via a crafted GET request to the language parameter, which stores malicious script in the user session.

Description

Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.

Exploits (1)

exploitdb WORKING POC

by Javier Olmedo · textwebappsphp

https://www.exploit-db.com/exploits/45338

View Code ZIP pw:eip

This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in Jorani Leave Management System 0.6.5. The vulnerability is triggered via a crafted GET request to the language parameter, which stores malicious script in the user session.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Jorani Leave Management System 0.6.5

No auth needed

Prerequisites: Access to the target application URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Jorani Leave Management System 0.6.5 - Cross-Site Scripting

MEDIUMVERIFIEDby ritikchaddha

Shodan: title:"Login - Jorani" || http.favicon.hash:-2032163853

FOFA: icon_hash=-2032163853

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45338/

Third Party Advisory x_refsource_misc

https://github.com/bbalet/jorani/issues/254

Exploit, Third Party Advisory x_refsource_misc

https://hackpuntes.com/cve-2018-15917-jorani-leave-management-system-0-6-5-cross-site-scripting-persistente/

Scores

CVSS v3 5.4

EPSS 0.0648

EPSS Percentile 92.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

jorani_project/jorani 0.6.5

Published Sep 05, 2018

Tracked Since Feb 18, 2026