exploitDog

GHSA-hw6c-m8mw-wr5w

Опубликовано: 15 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

Описание

Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.

Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.

Ссылки

EPSS

Процентиль: 20%

0.00064

Низкий

5.1 Medium

CVSS4

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-53870

nvd

около 2 месяцев назад

Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.

EPSS

Процентиль: 20%

0.00064

Низкий

5.1 Medium

CVSS4

CVE ID

Дефекты

CWE-79