13 matches found

Github Security Blog
added 2026/02/11 3:30 p.m. · 9 views

Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 6.4 · AI score 5.5 · EPSS 0.0001
Exploits: 1 · References: 7 · Affected Software: 1

OSV
added 2026/02/11 3:16 p.m. · 4 views

CVE-2019-25317

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 5.4 · AI score 5.5
Exploits: 0 · References: 4

NVD
added 2026/02/11 3:16 p.m. · 4 views

CVE-2019-25317

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 6.4 · EPSS 0.0001
Exploits: 1 · References: 4

CVE
added 2026/02/11 2:56 p.m. · 6 views

CVE-2019-25317

Kimai 2 is affected by a persistent cross-site scripting vulnerability in the timesheet description field, allowing SVG-based XSS payloads to be injected and executed as other users load the affected page. The issue enables arbitrary JavaScript execution in contexts where descriptions are viewed,...

CVSS 6.4 · AI score 5.5 · EPSS 0.0001
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2026/02/11 2:56 p.m. · 21 views

CVE-2019-25317 Kimai 2 - persistent cross-site scripting (XSS)

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 6.4 · EPSS 0.0001
Exploits: 1 · References: 4

Vulnrichment
added 2026/02/11 2:56 p.m. · 5 views

CVE-2019-25317 Kimai 2 - persistent cross-site scripting (XSS)

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 6.4 · AI score 5.5 · EPSS 0.0001
Exploits: 1 · References: 4

ATTACKERKB
added 2026/02/11 2:56 p.m. · 3 views

CVE-2019-25317

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 6.4 · AI score 5.4 · EPSS 0.0001
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2026/02/11 12:00 a.m. · 4 views

PT-2026-7611

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 6.4 · AI score 5.4 · EPSS 0.0001
Exploits: 1 · References: 9

CNNVD
added 2026/02/11 12:00 a.m. · 2 views

Kimai cross-site scripting vulnerability

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developer. Kimai 2 has a cross-site scripting vulnerability, which stems from stored-xss attacks. This vulnerability could allow the injection of malicious SVG-based scripts into schedule descriptions,...

CVSS 6.4 · AI score 5.9 · EPSS 0.0001
Exploits: 1 · References: 4

ATTACKERKB
added 2021/12/09 8:15 p.m. · 2 views

CVE-2021-4033

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)...

CVSS 6.5 · AI score 6.5 · EPSS 0.00117
Exploits: 1 · References: 3

CNNVD
added 2021/12/09 12:00 a.m. · 2 views

Kimai cross-site request forgery vulnerability

Kimai is an open source, web-based, multi-user time tracking application. A cross-site request forgery vulnerability exists in kimai2, which stems from the software's lack of token validation for cross-site request forgery. kimai2 is vulnerable to cross-site request forgery (CSRF)...

CVSS 6.5 · AI score 6.2 · EPSS 0.00117
Exploits: 1 · References: 3

Positive Technologies
added 2021/12/01 12:00 a.m. · 1 view

PT-2021-22766 · Kimai2 · Kimai2

Name of the Vulnerable Software and Affected Versions:
kimai2 affected versions not specified

Description:
The issue is related to Improper Access Control. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issu...

CVSS 6.5 · AI score 6.2 · EPSS 0.00226
Exploits: 1 · References: 8

CNNVD
added 2021/11/19 12:00 a.m. · 4 views

Kimai cross-site request forgery vulnerability

Kimai is an open source, web-based, multi-user time tracking application. A cross-site request forgery vulnerability exists in Kimai 2, which stems from the product's failure to validate that a request originated from a trusted user. An attacker could use this vulnerability to send unintended...

CVSS 4.3 · AI score 4.9 · EPSS 0.00098
Exploits: 1 · References: 4