Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.Referenceshttps://github.com/bbalet/jorani/issues/369https://github.com/bbalet/jorani/commit/3d01cef4ee9cdd70cfe1ac4fd7f5d607dda0d0ca
