2 matches found
GHSA-3XC2-H5R3-WV3R Kimai vulnerable to formula Injection via tag names in XLSX export
Summary Any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joins tag names with implode and returns the result unchanged. OpenSpout promotes any...
PT-2026-37257
Name of the Vulnerable Software and Affected Versions Kimai versions 2.27.0 through 2.53.x Description Users with ROLE USER privileges can create a tag containing a formula string such as =SUM54+51 via the 'POST /api/tags' endpoint and assign it to a timesheet. The ArrayFormatter.formatValue...