Leave Management System
CVE-2023-48205
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.
AnalysisAI
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-74. Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. Affected products include: Jorani Leave Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Leave Management System
View allLeave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high s
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high s
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high s
An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted s
A vulnerability was identified in itsourcecode Leave Management System 1.0. This affects an unknown function of the file
SQL injection in CodeAstro Leave Management System 1.0 allows authenticated remote attackers to manipulate the `email_id
Reflected cross-site scripting (XSS) in itsourcecode Leave Management System 1.0 allows authenticated remote attackers t
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today