Vulnerability DatabaseWS-2023-0104
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2023-0104
Published:May 15, 2026
Updated:May 15, 2026
A Stored HTML injection to XSS vulnerability was found in GitHub repository kimai/kimai prior to 2.0.13.
Affected Packages
kimai/kimai (PHP):
Affected version(s) =2.0.5 <dev-release-2.0.5
Fix Suggestion:
Update to version dev-release-2.0.5
kimai/kimai (PHP):
Affected version(s) >=2.0.0-rc-1 <dev-2fa-saml
Fix Suggestion:
Update to version dev-2fa-saml
kimai/kimai (PHP):
Affected version(s) >=1.30.4 <dev-release-2.0-beta
Fix Suggestion:
Update to version dev-release-2.0-beta
kimai/kimai (PHP):
Affected version(s) >=2.0.3 <dev-release-2.0.4
Fix Suggestion:
Update to version dev-release-2.0.4
kimai/kimai (PHP):
Affected version(s) >=1.4 <dev-fixes-1.12
Fix Suggestion:
Update to version dev-fixes-1.12
kimai/kimai (PHP):
Affected version(s) >=2.0.6 <dev-release-2.0.11
Fix Suggestion:
Update to version dev-release-2.0.11
kimai/kimai (PHP):
Affected version(s) >=2.0.0-beta <dev-release-2.0-beta-3
Fix Suggestion:
Update to version dev-release-2.0-beta-3
kimai/kimai (PHP):
Affected version(s) >=1.1.0 <1.3
Fix Suggestion:
Update to version 1.3
kimai/kimai (PHP):
Affected version(s) >=2.0.1 <dev-release-2-0-2
Fix Suggestion:
Update to version dev-release-2-0-2
kimai/kimai (PHP):
Affected version(s) >=0.1 <1.0
Fix Suggestion:
Update to version 1.0
kimai/kimai (PHP):
Affected version(s) =1.0.1 <1.1.0
Fix Suggestion:
Update to version 1.1.0
kimai/kimai (PHP):
Affected version(s) >=1.30.2 <dev-release-1.30.3
Fix Suggestion:
Update to version dev-release-1.30.3
kimai/kimai (PHP):
Affected version(s) =1.3.1 <v1.3.2
Fix Suggestion:
Update to version v1.3.2
kimai/kimai (PHP):
Affected version(s) =2.0.12 <dev-release-2.0.12
Fix Suggestion:
Update to version dev-release-2.0.12
kimai/kimai (PHP):
Affected version(s) =1.x-dev <dev-kevinpapst-patch-1
Fix Suggestion:
Update to version dev-kevinpapst-patch-1
kimai/kimai (PHP):
Affected version(s) >=1.13 <dev-release-1.30.1
Fix Suggestion:
Update to version dev-release-1.30.1
Related Resources (1)
https://github.com/kimai/kimai/commit/01226a12434a6379c1c8f50e70035821cfa2d4a5
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
HIGH