CVE-2021-3976

MEDIUM4.3EPSS 0.10%

Cross-site Scripting in kimai2

Published: 11/23/2021Modified: 11/8/2023

Description

CSRF related to duplicate action. (the duplication occurs first before redirecting to edit form). This vulnerability is capable of tricking admin users to duplicate teams.

Affected packages (1)

Packagist/kevinpapst/kimai2from 0, < 1.16.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-3976
WEBhttps://github.com/kevinpapst/kimai2/commit/b28e9c120c87222e21a238f1b03a609d6a5d506e
WEBhttps://huntr.dev/bounties/0567048a-118c-42ec-9f94-b55533017406