CNNVD-202602-1930 Information

CNNVD ID

CNNVD-202602-1930

Related CVE

CVE-2019-25317

• CNNVD Published: 2026-02-11

Description (Chinese)

kimai是kimai个人开发者的一个基于网络的多用户时间跟踪应用程序。 kimai 2存在跨站脚本漏洞，该漏洞源于存储型跨站脚本，可能导致在时间表描述中注入基于SVG的恶意脚本，在其他用户加载页面时执行任意JavaScript。

Description (English)

kimai is a web-based multi-user time tracking application for kimai personal developers. kimai 2 has a cross-site script loophole, which originates from a storage-type cross-site script, which may result in the injection of a svG-based malicious script into the schedule description and the execution of any JavaScript when other users load pages.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2026-02-11

Last Modified

2026-02-24

References

https://github.com/kevinpapst/kimai2 https://github.com/kevinpapst/kimai2/pull/962 https://www.exploit-db.com/exploits/47286 https://www.vulncheck.com/advisories/kimai-persistent-cross-site-scripting-xss