10 matches found
CVE-2026-40486
Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...
CVE-2026-40486
Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...
CVE-2026-40486 Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate
Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...
CVE-2026-40486 Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate
Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...
CVE-2026-40486
Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...
EUVD-2023-41109
Malicious code in bioql PyPI...
CVE-2023-37189
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
CVE-2023-37189
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module...
CVE-2021-34190
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module...
Cross site scripting
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module...