Packagist (Composer) package
kevinpapst/kimai2
pkg:composer/kevinpapst/kimai2
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-43515 | — | | | < 1.14.1 | 1.14.1 | Apr 8, 2022 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file. |
| CVE-2021-4033 | — | | | < 1.16.7 | 1.16.7 | Dec 9, 2021 | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3983 | — | | | < 1.16.3 | 1.16.3 | Dec 1, 2021 | kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3985 | — | | | < 1.16.3 | 1.16.3 | Dec 1, 2021 | kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3992 | — | | | < 1.16.3 | 1.16.3 | Dec 1, 2021 | kimai2 is vulnerable to Improper Access Control |
| CVE-2021-3957 | — | | | < 1.16 | 1.16 | Nov 19, 2021 | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3963 | — | | | < 1.16 | 1.16 | Nov 19, 2021 | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-3976 | — | | | < 1.16.2 | 1.16.2 | Nov 19, 2021 | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2019-15481 | — | | | < 1.1 | 1.1 | Aug 23, 2019 | Kimai v2 before 1.1 has XSS via a timesheet description. |