Cross-Site Scripting Vulnerability in Jorani by Benjamin BALET
CVE-2022-34133

6.1 MEDIUM

Key Information:

Vendor: Jorani

Status
Vendor
CVE Published: 28 June 2022

What is CVE-2022-34133?

Jorani v1.0, a web application developed by Benjamin BALET, contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. The injection point is the Comment parameter handled in the application/controllers/Leaves.php file. Successful exploitation could lead to stolen session tokens, compromised user accounts, or other malicious actions.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved