Headline
CVE-2021-3963: Cross-Site Request Forgery (CSRF) in kimai2
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
Valid
Reported on
Nov 15th 2021
Description
CSRF when deleting invoice templates: the delete endpoint for an invoice template (as in the PoC, /en/invoice/template/7/delete) performs the deletion on a plain GET request and does not require a CSRF token, so any page an authenticated admin visits can trigger it with an ordinary link.
Proof of Concept
<a href="https://[KIMAi_URL]/en/invoice/template/7/delete">CLICK ME!</a>
Impact
An attacker who gets an authenticated admin user to open a crafted link (or a page containing it) can delete invoice templates in that admin's Kimai instance. No credentials are needed: the browser attaches the admin's session cookie to the cross-site request, and the endpoint asks for nothing else.
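To make the PoC concrete, here is an added example (not kimai2 code, and not the project's actual fix) that models the vulnerable delete route beside a hardened one and replays the same cross-site link click against both. The route shape, the Session and Request classes, the template store and the `_token` form field are assumptions for illustration; the hardened version uses the synchronizer-token pattern (token stored in the session, required on a POST, compared in constant time).

```python
"""
Added example, not kimai2 code: a minimal model of a delete route for
invoice templates. The vulnerable version deletes on any authenticated
request, GET included, which is exactly what the <a href=...> PoC above
relies on. The hardened version requires POST plus a session-bound
CSRF token. Names (Session, Request, "_token") are assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    # Synchronizer token: generated server-side, stored in the session,
    # rendered into legitimate forms, never readable from another origin.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))
    is_admin: bool = True


@dataclass
class Request:
    method: str
    path: str
    cookie_session: "Session | None"          # browser attaches the cookie automatically
    form: dict = field(default_factory=dict)  # POST body fields, if any


def parse_template_id(path):
    """Return the id from /en/invoice/template/<id>/delete, or None."""
    parts = path.strip("/").split("/")
    if (len(parts) == 5 and parts[1:3] == ["invoice", "template"]
            and parts[4] == "delete" and parts[3].isdigit()):
        return int(parts[3])
    return None


def vulnerable_delete(req, templates):
    """Vulnerable pattern: 'is the user logged in as admin?' is the only check."""
    tid = parse_template_id(req.path)
    if tid is None:
        return 404
    if req.cookie_session is None or not req.cookie_session.is_admin:
        return 403
    templates.pop(tid, None)   # state change on a GET with no token
    return 302


def hardened_delete(req, templates):
    """Hardened: same auth check, then POST-only and a valid session-bound token."""
    tid = parse_template_id(req.path)
    if tid is None:
        return 404
    if req.cookie_session is None or not req.cookie_session.is_admin:
        return 403
    if req.method != "POST":
        return 405            # a bare link can only produce a GET
    sent = req.form.get("_token", "")
    # Constant-time comparison; a cross-site page cannot read the real token.
    if not hmac.compare_digest(sent, req.cookie_session.csrf_token):
        return 403
    templates.pop(tid, None)
    return 302


def cross_site_click(handler, session):
    """The PoC: admin clicks the attacker's link, browser sends GET + cookie."""
    templates = {7: "default invoice template"}   # constructed sample state
    req = Request("GET", "/en/invoice/template/7/delete", session)
    return handler(req, templates), 7 in templates


def cross_site_form_post(handler, session):
    """Stronger attacker: an auto-submitting form, but still no valid token."""
    templates = {7: "default invoice template"}   # constructed sample state
    req = Request("POST", "/en/invoice/template/7/delete", session,
                  {"_token": "attacker-guess"})
    return handler(req, templates), 7 in templates


def legitimate_delete(session):
    """The real UI: POST carrying the token rendered into the admin's form."""
    templates = {7: "default invoice template"}   # constructed sample state
    req = Request("POST", "/en/invoice/template/7/delete", session,
                  {"_token": session.csrf_token})
    return hardened_delete(req, templates), 7 in templates


if __name__ == "__main__":
    s = Session()
    print("PoC vs vulnerable:", cross_site_click(vulnerable_delete, s))   # (302, False)
    print("PoC vs hardened:  ", cross_site_click(hardened_delete, s))     # (405, True)
    print("form vs hardened: ", cross_site_form_post(hardened_delete, s)) # (403, True)
    print("legitimate POST:  ", legitimate_delete(s))                      # (302, False)
```

Restricting the route to POST stops the plain link in the PoC, but on its own it does not stop an auto-submitting cross-site form, which is why the token check is the part that actually closes the hole. In a Symfony application such as kimai2 the equivalent check is normally written with the controller's isCsrfTokenValid() helper against a token the form template renders with csrf_token(); this example does not reproduce kimai2's real fix.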
Occurrences
We are processing your report and will contact the kevinpapst/kimai2 team within 24 hours. 3 days ago
We have contacted a member of the kevinpapst/kimai2 team and are waiting to hear back 2 days ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs