PT-2026-7611 · Kimai2 · Kimai2

Osamaalaa · Published 2026-02-11 · Updated 2026-02-19 · CVE-2019-25317

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Kimai 2 (affected versions not specified)

Description: The software contains a persistent cross-site scripting issue that enables attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads into the description field, leading to the execution of arbitrary JavaScript when the page is loaded and viewed by other users.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-25317
GHSA-9278-6HCJ-2P4J

Affected Products

Kimai2