CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53957

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.5%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/kimai/kimai/releases/tag/1.30.10
https://www.exploit-db.com/exploits/51278
https://www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-session-hijacking

Products affected by CVE-2023-53957

Kimai » Kimai » Version: 1.30.10

cpe:2.3:a:kimai:kimai:1.30.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53957

Products

Pricing

Contact Us