HIGH🇵🇱 Wersja polska

CVE-2021-43515

CVSS 7.8v3.1pub. 2022-04-08upd. 2024-11-21

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Kimai

    APP
    Kimai
    < 1.14.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-19825CRITICAL9.6ten sam produkt

Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.ph...

CVE-2023-53957HIGH8.5ten sam produkt

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies thr...

CVE-2023-46245HIGH7.2ten sam produkt

Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-...

CVE-2026-42267MEDIUM5.4ten sam produkt

Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER...

CVE-2026-44298MEDIUM4.1ten sam produkt

Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with th...