Jorani 1.0.3 Cross-Site Scripting Vulnerability via Language Parameter

Advisories

severity: medium
date: December 15, 2025
Affecting: Jorani 1.0.3
CVE: CVE-2023-53870
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-51715
Jorani Product Webpage
Credit: nu11secur1ty
Description: Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.