Cross-site Scripting (XSS)
kimai/kimai is vulnerable to Cross-site Scripting (XSS) attacks. The library does not properly escape the user input of MarkdownExtension.php, which allows an attacker to inject and execute malicious JavaScript in a victim's browser, which can result in an attacker gaining escalated privileges...
Cross-site Scripting in kimai/kimai
Cross-Site Scripting (XSS) vulnerability in kevinpapst kimai2 in /src/Twig/Runtime/MarkdownExtension.php allows attackers to gain escalated privileges...
CVE-2020-19825
Cross-Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php allows attackers to gain escalated privileges...
PT-2023-11538 · Kevinpapst · Kimai2
Name of the Vulnerable Software and Affected Versions: kevinpapst kimai2 version 1.30.0
Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to gain escalated privileges. This vulnerability is located in the /src/Twig/Runtime/MarkdownExtension.php...
Cross-Site Scripting (XSS)
kevinpapst/kimai2 is vulnerable to cross-site scripting. The vulnerability exists in the commentContent function of MarkdownExtension.php because the Markdown rendering doesn't use safe mode, which allows an attacker to inject and execute arbitrary JavaScript...