Jorani Cross-Site Scripting Vulnerability (CNVD-2022-58885)

Benjamin BALET Jorani is a leave management system from the French personal developer Benjamin BALET. Designed to provide small organizations with a simple workflow for leave and overtime requests, Benjamin BALET Jorani version 1.0 contains a cross-site scripting vulnerability stemming from a lack of data validation filtering of user-supplied data and output in the Comment field of the /application/controllers/Leaves.php page. An attacker could exploit this vulnerability to execute JavaScript code on the client side.