EPSS Percentile: 29.3%
kevinpapst/kimai2 is vulnerable to cross-site scripting (XSS). It does not escape the timesheet description, allowing an attacker to inject a malicious script via that description.
github.com/kevinpapst/kimai2/commit/a0e8aa3a435717187fb12210242dab1b7c97ff3f
github.com/kevinpapst/kimai2/pull/962
github.com/kevinpapst/kimai2/releases/tag/1.1