High severity · OSV Advisory · Published Dec 19, 2025 · Updated Apr 7, 2026
Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking
CVE-2023-53957
Description
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| kimai/kimai (Packagist) | <= 1.30.10 | — |
Affected products
- Range: 0.1, 0.2, 0.3, …
Patches
No patches discovered yet.
References
- www.exploit-db.com/exploits/51278 (ghsa, exploit, WEB)
- github.com/advisories/GHSA-cv8h-r7r5-vwj9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-53957 (ghsa, ADVISORY)
- www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-session-hijacking (ghsa, third-party-advisory, WEB)
- github.com/kimai/kimai/releases/tag/1.30.10 (mitre, product)