CVE-2018-15917

Name of the Vulnerable Software and Affected Versions Jorani version 0.6.5

Description The issue allows remote attackers to inject arbitrary web script or HTML via the language parameter to the "session/language" API endpoint. This enables attackers to perform persistent cross-site scripting (XSS) attacks.

Recommendations For Jorani version 0.6.5, as a temporary workaround, consider restricting access to the "session/language" API endpoint until a patch is available. Additionally, avoid using the language parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.