VYPR

Kimai2

by Kevinpapst

Source repositories

CVEs (3)

  • CVE-2019-25317 Feb 11, 2026
    risk 0.00 cvss epss 0.00

    Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed…

  • CVE-2023-53957 Dec 19, 2025
    risk 0.00 cvss epss 0.01

    Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling…

  • CVE-2020-19825 Cri Feb 15, 2023
    risk 0.00 cvss 9.6 epss 0.01

    A cross-site scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0, in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.