EPSS
Percentile
26.4%
kevinpapst/kimai2 is vulnerable to CSV injection. The vulnerability is possible because the library does not sanitize the $desc parameter, which allows an attacker to inject malicious input.
$desc
github.com/kevinpapst/kimai2/commit/dad1b8b772947f1596175add1b4f33b791705507
github.com/kevinpapst/kimai2/commit/dad1b8b772947f1596175add1b4f33b791705507#diff-6774f5865dbaf8bc6c55b75bd92e6f9950ebe7834aa2efd828a19fd637e667cf
github.com/kevinpapst/kimai2/pull/2532