3 matches found
CVE-2019-15481
Kimai v2 before 1.1 has XSS via a timesheet description...
CVE-2019-15481
Kimai v2 before 1.1 has XSS via a timesheet description...
CVE-2019-15481
Affected product: Kimai v2 prior to 1.1. The vulnerability is an XSS flaw in the timesheet description field, where unescaped user input can be rendered in the UI. Root cause: lack of proper escaping/validation of the timesheet description leading to script injection. Impact: cross-site scripting...