CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HKimai
APPKimai< 1.14.1
Powiązane podatności
Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.ph...
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies thr...
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-...
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER...
Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with th...