Title:Jorani 注入漏洞 (CVE-2023-45540) Description:Jorani是法国Benjamin BALET个人开发者的一个休假管理系统。旨在为小型组织提供简单的休假和加班请求工作流程。 Jorani Leave Management System 1.0.3版本存在安全漏洞。攻击者利用该漏洞通过特制的脚本在“List of Leave requests”页面的comment字段中执行任意 HTML 代码。
Description
CVE-2023-45540 Jorani Leave Management System v1.0.3 – HTML Injection
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.