📦 Kimai
by Kimai
🔍 What is Kimai?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through crafted PHP scripts. This enables session hijacking where attackers can impersonate l...
CVE-2021-43515 is a CSV injection vulnerability in Kimai time tracking software that allows attackers to inject malicious formulas into exported CSV files. When users open these files in spreadsheet a...
Kimai 2 contains a persistent cross-site scripting (XSS) vulnerability that allows attackers to inject malicious SVG scripts into timesheet descriptions. When other users view these manipulated timesh...
This vulnerability allows authenticated users with export permissions in Kimai time-tracking software to deploy malicious Twig templates that bypass security sandboxing. Attackers can extract sensitiv...