Lucene search
Veracode Vulnerability DatabaseVERACODE:33144HistoryDec 02, 2021 - 2:48 a.m.
Cross-site Scripting (XSS)
2021-12-0202:48:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
cross-site scripting
javascript injection
user input escaping
EPSS
0.001
Percentile
33.3%
kevinpapst/kimai2 is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the project, customer, and activity attributes in the setEntries function of KimaiRecentActivities.js as it does not properly escape the user inputs.
Related
cvelist
cvelist
CVE-2021-3983 Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2
2021-12-01 11:15:12
nvd
nvd
CVE-2021-3983
2021-12-01 12:15:07
cve
cve
CVE-2021-3983
2021-12-01 12:15:07
osv
osv
Cross-site Scripting in kimai2
2021-12-03 20:43:06
CVE-2021-3983
2021-12-01 12:15:07
cnvd
cnvd
kimai2 cross-site scripting vulnerability
2021-12-02 00:00:00
prion
prion
Cross site scripting
2021-12-01 12:15:00
github
github
Cross-site Scripting in kimai2
2021-12-03 20:43:06
huntr
huntr
Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2
2021-11-18 14:59:38