EUVD-2023-0785
Malicious code in bioql PyPI...
CVE-2020-19825
Cross Site Scripting XSS vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges...
Cross-site Scripting in kimai/kimai
Cross Site Scripting XSS vulnerability in kevinpapst kimai2 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges...
Cross site scripting
Cross Site Scripting XSS vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges...
CVE-2020-19825
CVE-2020-19825 affects kevinpapst kimai2 1.30.0. The vulnerability is a Cross-Site Scripting (XSS) in /src/Twig/Runtime/MarkdownExtension.php that allows an attacker to gain escalated privileges. The root cause is malformed/insufficient escaping of user input in the MarkdownExtension processor, e...
CSV Injection
kevinpapst/kimai2 is vulnerable to CSV injection. The vulnerability is possible because the library does not sanitize the $desc parameter, which allows an attacker to inject malicious input...
Cross-Site Request Forgery (CSRF)
kevinpapst/kimai2 is vulnerable to cross-site request forgery. The vulnerability exists in createInvoiceAction of InvoiceController.php which allows a malicious attacker to trick users to modify status of invoices and disrupt the tracking of invoices...
CVE-2021-4033 Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2
kimai2 is vulnerable to Cross-Site Request Forgery CSRF...
Privilege Escalation
kevinpapst/kimai2 is vulnerable to privilege escalation. The vulnerability exists through the lack of permission checks in 'InvoiceController.php', allowing a malicious user to access invoices without read permissions...
CVE-2021-3983 Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3985 Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross-Site Request Forgery (CSRF)
kevinpapst/kimai2 is vulnerable to cross-site request forgery. An attacker can delete invoice templates through the deleteCommentAction function in CustomerController.php...
Cross-Site Request Forgery (CSRF)
kevinpapst/kimai2 is vulnerable to cross-site request forgery. An attacker can add admin users to duplicate teams through the duplicateAction function in ProjectController.php...
Improper Access Control in kevinpapst/kimai2
Description Authenticated users can preview invoices which they do not have read access to Proof of Concept To demonstrate this vulnerability, we will use tonyteamlead on the demo site. 1: Login as tonyteamlead. 2: Go to Invoices page, see that there is no Haley-Jaskolski invoice document present...
Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2
CSRF Set 1 modify invoice status Medium severity Description CSRF in saving invoices / modifying status of invoices pending and cancel only Proof of Concept The following state-changing endpoints are vulnerable to CSRF GET...
CVE-2021-3963 Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2
kimai2 is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2021-3976 Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2
kimai2 is vulnerable to Cross-Site Request Forgery CSRF...
Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2
Description Cross-site scripting vulnerability in the name field on the customer edit form Proof of Concept place this payload in the customer name field and save " Impact This vulnerability is capable of stealing the user session...