CVE-2021-3963

MEDIUM4.3EPSS 0.10%

Cross-site Scripting in kimai2

Published: 11/23/2021Modified: 11/8/2023

Description

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) in deleting invoice templates. This vulnerability is capable of tricking admin user to delete invoice templates.

Affected packages (1)

Packagist/kevinpapst/kimai2from 0, < 1.16

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-3963
WEBhttps://github.com/kevinpapst/kimai2/commit/95796ab2560ad93f44068a88f0fad758c2053514
WEBhttps://huntr.dev/bounties/3abf308b-7dbd-4864-b1a9-5c45b876def8