Soundar

**Name of the Vulnerable Software and Affected Versions** Jorani Leave Management System version 1.0.3 **Description** The issue allows a remote attacker to execute arbitrary HTML code via a crafted script to the `comment` field of the List of Leave requests page. This can potentially lead to malicious activities such as stealing user sessions or conducting phishing attacks. **Recommendations** For Jorani Leave Management System version 1.0.3, consider disabling the comment field in the List of Leave requests page until a patch is available to prevent the execution of arbitrary HTML code. Additionally, restrict access to this page to minimize the risk of exploitation.