Cross Site Scripting Vulnerability in Kimai2 by Kevin Papst
CVE-2020-19825
9.6 CRITICAL
What is CVE-2020-19825?
A Cross Site Scripting (XSS) vulnerability has been identified in Kimai2, specifically in the file located at /src/Twig/Runtime/MarkdownExtension.php. This flaw permits attackers to execute arbitrary scripts in the context of a user's session, potentially leading to escalated privileges and unauthorized access to sensitive information. Users are advised to mitigate this risk by applying relevant security updates and validating their configurations.
