CVE-2023-45540

MEDIUM

Jorani Leave Management System 1.0.3 - Stored Cross-Site Scripting via Leave Request Comment Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45540. PoCs published by SoundarXploit.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2023-45540, demonstrating an HTML injection vulnerability in Jorani Leave Management System v1.0.3. The exploit involves injecting HTML into the comments field of a leave request, which is then rendered in the application.

Description

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.

Exploits (1)

nomisec WORKING POC
by SoundarXploit · poc
https://github.com/SoundarXploit/CVE-2023-45540

This repository provides a functional proof-of-concept for CVE-2023-45540, demonstrating an HTML injection vulnerability in Jorani Leave Management System v1.0.3. The exploit involves injecting HTML into the comments field of a leave request, which is then rendered in the application.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Jorani Leave Management System v1.0.3
Auth required
Prerequisites: Access to a valid user account in the Jorani Leave Management System · Ability to submit a leave request with a crafted comment field
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0052
EPSS Percentile 39.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-74
Status published
Products (1)
jorani/leave_management_system 1.0.3
Published Oct 16, 2023
Tracked Since Feb 18, 2026