CVE-2026-40479
CVE-2026-40479 (Kimai) : Concrete details across multiple sources show a stored XSS vulnerability caused by an incomplete escape in the client-side escapeForHtml() in KimaiEscape.js. Affected versions are 1.16.3 through 2.52.0; the issue arises when a user-controlled profile alias is injected int...