CVE-2021-3963: Cross-Site Request Forgery (CSRF) in kimai2

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

Valid

Reported on

Nov 15th 2021

Description

CSRF in deleting invoice templates

Proof of Concept

<a href="https://[KIMAi_URL]/en/invoice/template/7/delete">CLICK ME!</a>

Impact

This vulnerability allows an attacker to trick an admin user into deleting invoice templates.
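
The missing check behind this report, as an added example (not Kimai's code and not part of the original report): a delete handler that accepts any authenticated request, beside one that requires POST and a session-bound token. The function names, the in-memory store and the token intention string are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def new_session():
    """Constructed sample session: a logged-in admin with a random CSRF secret."""
    return {"user": "admin", "csrf_secret": secrets.token_bytes(32)}


def csrf_token(session, intention):
    """Token bound to one session and one action (hypothetical scheme)."""
    key = session["csrf_secret"]
    return hmac.new(key, intention.encode(), hashlib.sha256).hexdigest()


def delete_vulnerable(store, session, method, template_id, token=None):
    """Pattern in the report: the session cookie alone authorizes the delete."""
    if session is None:
        return 403
    store.pop(template_id, None)  # runs for a plain GET from any origin
    return 302


def delete_hardened(store, session, method, template_id, token=None):
    """Same action, but only for POST requests carrying the expected token."""
    if session is None:
        return 403
    if method != "POST":
        return 405  # a link or image tag can only issue GET
    expected = csrf_token(session, f"invoice_template.delete.{template_id}")
    if not isinstance(token, str) or not hmac.compare_digest(
        expected.encode(), token.encode()
    ):
        return 403  # the browser adds the cookie, but not this value
    store.pop(template_id, None)
    return 302


if __name__ == "__main__":
    admin = new_session()
    store = {7: "constructed invoice template"}
    print(delete_hardened(store, admin, "GET", 7), store)  # link click: kept
    token = csrf_token(admin, "invoice_template.delete.7")
    print(delete_hardened(store, admin, "POST", 7, token), store)  # deleted
```

Binding the token to the template id means a token issued for one delete action cannot be replayed against another template.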

Occurrences

We are processing your report and will contact the kevinpapst/kimai2 team within 24 hours. 3 days ago

We have contacted a member of the kevinpapst/kimai2 team and are waiting to hear back 2 days ago

haxatron has been awarded the disclosure bounty

The fix bounty is now up for grabs
