EPSS Percentile: 31.1%
kevinpapst/kimai2 is vulnerable to cross-site request forgery. An attacker can delete invoice templates through the deleteCommentAction function in CustomerController.php.
github.com/kevinpapst/kimai2/commit/95796ab2560ad93f44068a88f0fad758c2053514
github.com/kevinpapst/kimai2/pull/2936
huntr.dev/bounties/3abf308b-7dbd-4864-b1a9-5c45b876def8