Vulnerabilities > Kimai

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2023-46245 Unspecified vulnerability in Kimai
Kimai is a web-based multi-user time-tracking application.
network
low complexity
kimai
7.2
7.2
2023-02-15 CVE-2020-19825 Cross-site Scripting vulnerability in Kimai 1.30.0
Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.
network
low complexity
kimai CWE-79
critical
 9.6
9.6
2022-04-08 CVE-2021-43515 Improper Neutralization of Formula Elements in a CSV File vulnerability in Kimai
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai.
local
low complexity
kimai CWE-1236
7.8
7.8
2021-12-09 CVE-2021-4033 Cross-Site Request Forgery (CSRF) vulnerability in Kimai 2
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
kimai CWE-352
6.5
6.5
2021-12-01 CVE-2021-3985 Cross-site Scripting vulnerability in Kimai Kimai2
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
low complexity
kimai CWE-79
critical
 9.0
9.0
2021-11-19 CVE-2021-3957 Cross-Site Request Forgery (CSRF) vulnerability in Kimai 2
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
kimai CWE-352
4.3
4.3
2021-11-19 CVE-2021-3963 Cross-Site Request Forgery (CSRF) vulnerability in Kimai 2
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
kimai CWE-352
4.3
4.3
2021-11-19 CVE-2021-3976 Cross-Site Request Forgery (CSRF) vulnerability in Kimai 2
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
kimai CWE-352
6.5
6.5
2019-08-23 CVE-2019-15481 Cross-site Scripting vulnerability in Kimai 2
Kimai v2 before 1.1 has XSS via a timesheet description.
network
low complexity
kimai CWE-79
6.1
6.1