CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-19825

Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.6%

CVSS Severity

CVSS v3 Score 9.6

References

https://github.com/kevinpapst/kimai2
https://github.com/kevinpapst/kimai2/pull/962/files
https://github.com/kevinpapst/kimai2
https://github.com/kevinpapst/kimai2/pull/962/files

Products affected by CVE-2020-19825

Kimai » Kimai » Version: 1.30.0

cpe:2.3:a:kimai:kimai:1.30.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-19825

Products

Pricing

Contact Us