Описание
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
EPSS
Процентиль: 18%
0.00056
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-1275
Связанные уязвимости
CVSS3: 9.8
github
около 2 месяцев назад
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
EPSS
Процентиль: 18%
0.00056
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-1275