CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)

Valid

Reported on

Nov 15th 2021

**Description**

CSRF in deleting invoice templates

**Proof of Concept**

    <a href="https://[KIMAi_URL]/en/invoice/template/7/delete">CLICK ME!</a>
    

**Impact**

This vulnerability is capable of tricking admin user to delete invoice templates.

**Occurences**

![](https://huntr.dev/_nuxt/img/generic-avatar.9a3295c.png)

We are processing your report and will contact the kevinpapst/kimai2 team within 24 hours. 3 days ago

![](https://huntr.dev/_nuxt/img/generic-avatar.9a3295c.png)

We have contacted a member of the kevinpapst/kimai2 team and are waiting to hear back 2 days ago

![](https://avatars.githubusercontent.com/u/533162?v=4)

![](https://avatars.githubusercontent.com/u/533162?v=4)

haxatron has been awarded the disclosure bounty

The fix bounty is now up for grabs

![](https://avatars.githubusercontent.com/u/533162?v=4)

![](https://huntr.dev/_nuxt/img/generic-avatar.9a3295c.png)

We are processing your report and will contact the kevinpapst/kimai2 team within 24 hours. 3 days ago

![](https://huntr.dev/_nuxt/img/generic-avatar.9a3295c.png)

We have contacted a member of the kevinpapst/kimai2 team and are waiting to hear back 2 days ago

![](https://avatars.githubusercontent.com/u/533162?v=4)

![](https://avatars.githubusercontent.com/u/533162?v=4)

haxatron has been awarded the disclosure bounty

The fix bounty is now up for grabs

![](https://avatars.githubusercontent.com/u/533162?v=4)

Headline

CVE-2021-3963: Cross-Site Request Forgery (CSRF) in kimai2

CVE: Latest News