Osamaalaa

**Name of the Vulnerable Software and Affected Versions** Kimai 2 (affected versions not specified) **Description** The software contains a persistent cross-site scripting issue that enables attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads into the description field, leading to the execution of arbitrary JavaScript when the page is loaded and viewed by other users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.