Cross-Site Scripting in Kimai v2 by Kevin Papst
CVE-2019-15481

6.1MEDIUM

Key Information:

Vendor: Kimai
Status: Kimai 2
Vendor: CVE Published:; 23 August 2019

What is CVE-2019-15481?

Kimai v2, prior to version 1.1, is susceptible to a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts through compromised timesheet descriptions. This vulnerability could enable unauthorized access and manipulation of user data, posing a significant risk to web application integrity. Users are strongly advised to update to the latest version to mitigate potential security threats.

References

https://github.com/kevinpapst/kimai2/releases/tag/1.1

x_refsource_MISC

https://github.com/kevinpapst/kimai2/pull/962

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2019
Vulnerability Reserved
Aug 22, 2019

CVE-2019-15481 Data

JSON