Vulnerabilities (CVE)

Filtered by vendor Kimai
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-46245 | 1 Kimai | 1 Kimai | 2024-01-12 | N/A | 7.2 HIGH | Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. Version 2.1.0 enables security measures for custom Twig templates. |
| CVE-2021-4033 | 1 Kimai | 1 Kimai 2 | 2021-12-13 | 4.3 MEDIUM | 6.5 MEDIUM | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3985 | 1 Kimai | 1 Kimai2 | 2021-12-02 | 6.0 MEDIUM | 9.0 CRITICAL | kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3957 | 1 Kimai | 1 Kimai 2 | 2021-11-23 | 4.3 MEDIUM | 4.3 MEDIUM | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3976 | 1 Kimai | 1 Kimai 2 | 2021-11-23 | 4.3 MEDIUM | 6.5 MEDIUM | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3963 | 1 Kimai | 1 Kimai 2 | 2021-11-23 | 4.3 MEDIUM | 4.3 MEDIUM | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2019-15481 | 1 Kimai | 1 Kimai 2 | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM | Kimai v2 before 1.1 has XSS via a timesheet description. |