PT-2025-51288 · Jorani · Jorani

Nu11Secur1Ty · Published 2025-12-15 · Updated 2025-12-21 · CVE-2023-53870

CVSS v4.0: 5.1 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
Jorani version 1.0.3

Description
The software contains a reflected cross-site scripting issue in the language parameter. An attacker can inject malicious scripts by crafting XSS payloads within this parameter, potentially enabling the execution of arbitrary JavaScript and the theft of user session information.

Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the language parameter to prevent the injection of malicious scripts.
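
One way to apply the temporary workaround above, as an added example that is not Jorani's own code: the request's language value is mapped onto a fixed allow-list and HTML-encoded wherever it is written into a page. The function names, the list of locale codes and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: every name below is hypothetical, not taken from Jorani.

// Constructed allow-list of locale codes the application has translations for.
const SUPPORTED_LANGUAGES = ['en', 'fr', 'es', 'de', 'pt-BR'];
const DEFAULT_LANGUAGE = 'en';

/**
 * Map the raw "language" request value onto the allow-list.
 * The raw value itself is never returned, so it cannot reach the response.
 */
function resolve_language($raw): string
{
    if (!is_string($raw)) {
        // language[]=x arrives as an array; a missing parameter as null.
        return DEFAULT_LANGUAGE;
    }
    foreach (SUPPORTED_LANGUAGES as $code) {
        if (strcasecmp($raw, $code) === 0) {
            return $code; // canonical list entry, not the caller's string
        }
    }
    return DEFAULT_LANGUAGE;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: a valid code, a case variant,
// a value carrying markup, and an array-typed parameter.
$samples = ['fr', 'PT-br', 'en"><b>x</b>', ['en']];

foreach ($samples as $raw) {
    $lang = resolve_language($raw);
    // Encoding is still applied on output even though the value is allow-listed,
    // so a later change to the list cannot reintroduce the reflection.
    printf("<html lang=\"%s\">\n", html_escape($lang));
}
```

The four sample inputs render as `fr`, `pt-BR`, `en` and `en`: anything outside the list falls back to the default instead of being echoed.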

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-53870

Affected Products: Jorani