CVE-2019-25317 in Kimai v2info

Summary

by MITRE • 02/11/2026

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

08/22/2019

Disclosure

02/11/2026

Moderation

accepted

Entry

VDB-140721

CPE

ready

CWE

CWE-79 (confirmed)

CVSS

6.1 (NVD)

EPSS

0.00223

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-25317
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-25317
CVE Details	https://www.cvedetails.com/cve/CVE-2019-25317/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!