{"url":"http://public2.vulnerablecode.io/api/packages/446029?format=json","purl":"pkg:composer/kevinpapst/kimai2@0.9","type":"composer","namespace":"kevinpapst","name":"kimai2","version":"0.9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.16.7","latest_non_vulnerable_version":"1.16.7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206669?format=json","vulnerability_id":"VCID-32jk-xrr9-x7bs","summary":"Cross-site Scripting in kimai2","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3976","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27142","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26939","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27146","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2716","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3976"},{"reference_url":"https://github.com/kevinpapst/kimai2/commit/b28e9c120c87222e21a238f1b03a609d6a5d506e","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/commit/b28e9c120c87222e21a238f1b03a609d6a5d506e"},{"reference_url":"https://huntr.dev/bounties/0567048a-118c-42ec-9f94-b55533017406","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/0567048a-118c-42ec-9f94-b55533017406"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3976","reference_id":"CVE-2021-3976","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3976"},{"reference_url":"https://github.com/advisories/GHSA-427q-jp8v-ww95","reference_id":"GHSA-427q-jp8v-ww95","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-427q-jp8v-ww95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18100?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g6km-tw31-vfgv"},{"vulnerability":"VCID-pdbx-pvt6-z3d8"},{"vulnerability":"VCID-vczf-aycd-pbgf"},{"vulnerability":"VCID-xfdw-t5qc-37gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.16.2"}],"aliases":["CVE-2021-3976","GHSA-427q-jp8v-ww95"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32jk-xrr9-x7bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206666?format=json","vulnerability_id":"VCID-6axp-mg8n-33hj","summary":"Cross-site Scripting in kimai2","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3957","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25556","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25357","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25559","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25574","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3957"},{"reference_url":"https://github.com/kevinpapst/kimai2/commit/6b49535b523dcd36ec59462ee4e67e2b3a9151f3","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/commit/6b49535b523dcd36ec59462ee4e67e2b3a9151f3"},{"reference_url":"https://huntr.dev/bounties/5fa3098a-ba02-45e0-af56-645e34dbc691","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/5fa3098a-ba02-45e0-af56-645e34dbc691"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3957","reference_id":"CVE-2021-3957","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3957"},{"reference_url":"https://github.com/advisories/GHSA-2xwq-h7r9-6w27","reference_id":"GHSA-2xwq-h7r9-6w27","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xwq-h7r9-6w27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18099?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.16.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/18100?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g6km-tw31-vfgv"},{"vulnerability":"VCID-pdbx-pvt6-z3d8"},{"vulnerability":"VCID-vczf-aycd-pbgf"},{"vulnerability":"VCID-xfdw-t5qc-37gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.16.2"}],"aliases":["CVE-2021-3957","GHSA-2xwq-h7r9-6w27"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6axp-mg8n-33hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206668?format=json","vulnerability_id":"VCID-f87q-jsuj-f3br","summary":"Cross-site Scripting in kimai2","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3963","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27142","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26939","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27146","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2716","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3963"},{"reference_url":"https://github.com/kevinpapst/kimai2/commit/95796ab2560ad93f44068a88f0fad758c2053514","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/commit/95796ab2560ad93f44068a88f0fad758c2053514"},{"reference_url":"https://huntr.dev/bounties/3abf308b-7dbd-4864-b1a9-5c45b876def8","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/3abf308b-7dbd-4864-b1a9-5c45b876def8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3963","reference_id":"CVE-2021-3963","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3963"},{"reference_url":"https://github.com/advisories/GHSA-gf2c-93hm-r9j5","reference_id":"GHSA-gf2c-93hm-r9j5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf2c-93hm-r9j5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18099?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.16.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/18100?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g6km-tw31-vfgv"},{"vulnerability":"VCID-pdbx-pvt6-z3d8"},{"vulnerability":"VCID-vczf-aycd-pbgf"},{"vulnerability":"VCID-xfdw-t5qc-37gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.16.2"}],"aliases":["CVE-2021-3963","GHSA-gf2c-93hm-r9j5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f87q-jsuj-f3br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206927?format=json","vulnerability_id":"VCID-g6km-tw31-vfgv","summary":"Cross-Site Request Forgery in kimai2","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4033","reference_id":"","reference_type":"","scores":[{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.303","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30104","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30318","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4033"},{"reference_url":"https://github.com/kevinpapst/kimai2/commit/1da26e041df62c10bd8075d78f2db7854d3eee07","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/commit/1da26e041df62c10bd8075d78f2db7854d3eee07"},{"reference_url":"https://huntr.dev/bounties/e05be1f7-d00c-4cfd-9390-ccd9d1c737b7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/e05be1f7-d00c-4cfd-9390-ccd9d1c737b7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4033","reference_id":"CVE-2021-4033","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4033"},{"reference_url":"https://github.com/advisories/GHSA-4jwx-78vx-gm6g","reference_id":"GHSA-4jwx-78vx-gm6g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4jwx-78vx-gm6g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18318?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.16.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.16.7"}],"aliases":["CVE-2021-4033","GHSA-4jwx-78vx-gm6g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6km-tw31-vfgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/312091?format=json","vulnerability_id":"VCID-kmxt-atqe-e3c9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15481","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45124","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45273","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45286","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45274","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15481"},{"reference_url":"https://github.com/kevinpapst/kimai2/releases/tag/1.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/releases/tag/1.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15481","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15481"},{"reference_url":"https://github.com/advisories/GHSA-7v44-75jf-22gj","reference_id":"GHSA-7v44-75jf-22gj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7v44-75jf-22gj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385150?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/446032?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32jk-xrr9-x7bs"},{"vulnerability":"VCID-6axp-mg8n-33hj"},{"vulnerability":"VCID-f87q-jsuj-f3br"},{"vulnerability":"VCID-g6km-tw31-vfgv"},{"vulnerability":"VCID-pdbx-pvt6-z3d8"},{"vulnerability":"VCID-pg37-6aav-tfd3"},{"vulnerability":"VCID-vczf-aycd-pbgf"},{"vulnerability":"VCID-xfdw-t5qc-37gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.1"}],"aliases":["CVE-2019-15481","GHSA-7v44-75jf-22gj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmxt-atqe-e3c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206762?format=json","vulnerability_id":"VCID-pdbx-pvt6-z3d8","summary":"kimai2 is vulnerable to Cross-site Scripting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3985","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63282","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6318","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6329","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63293","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3985"},{"reference_url":"https://github.com/kevinpapst/kimai2/commit/76e09447c85e762882126b49626a4fe4d93fe8b5","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/commit/76e09447c85e762882126b49626a4fe4d93fe8b5"},{"reference_url":"https://github.com/kevinpapst/kimai2/releases/tag/1.16.3","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/releases/tag/1.16.3"},{"reference_url":"https://huntr.dev/bounties/89d6c3de-efbd-4354-8cc8-46e999e4c5a4","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/89d6c3de-efbd-4354-8cc8-46e999e4c5a4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3985","reference_id":"CVE-2021-3985","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3985"},{"reference_url":"https://github.com/advisories/GHSA-x68c-4gmm-5g43","reference_id":"GHSA-x68c-4gmm-5g43","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x68c-4gmm-5g43"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18175?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.16.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g6km-tw31-vfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.16.3"}],"aliases":["CVE-2021-3985","GHSA-x68c-4gmm-5g43"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdbx-pvt6-z3d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208742?format=json","vulnerability_id":"VCID-pg37-6aav-tfd3","summary":"Improper Neutralization of Formula Elements in a CSV File in Kimai 2","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43515","reference_id":"","reference_type":"","scores":[{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66596","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66503","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66609","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66611","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43515"},{"reference_url":"https://github.com/kevinpapst/kimai2/commit/dad1b8b772947f1596175add1b4f33b791705507#diff-6774f5865dbaf8bc6c55b75bd92e6f9950ebe7834aa2efd828a19fd637e667cf","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/commit/dad1b8b772947f1596175add1b4f33b791705507#diff-6774f5865dbaf8bc6c55b75bd92e6f9950ebe7834aa2efd828a19fd637e667cf"},{"reference_url":"https://github.com/kevinpapst/kimai2/pull/2532","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/pull/2532"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43515","reference_id":"CVE-2021-43515","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43515"},{"reference_url":"https://github.com/advisories/GHSA-64fq-9c6w-rq44","reference_id":"GHSA-64fq-9c6w-rq44","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64fq-9c6w-rq44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20073?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32jk-xrr9-x7bs"},{"vulnerability":"VCID-6axp-mg8n-33hj"},{"vulnerability":"VCID-f87q-jsuj-f3br"},{"vulnerability":"VCID-g6km-tw31-vfgv"},{"vulnerability":"VCID-pdbx-pvt6-z3d8"},{"vulnerability":"VCID-vczf-aycd-pbgf"},{"vulnerability":"VCID-xfdw-t5qc-37gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.14.1"}],"aliases":["CVE-2021-43515","GHSA-64fq-9c6w-rq44"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pg37-6aav-tfd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206772?format=json","vulnerability_id":"VCID-vczf-aycd-pbgf","summary":"Cross-site Scripting in kimai2","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3983","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4317","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43011","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4318","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43189","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3983"},{"reference_url":"https://github.com/kevinpapst/kimai2/commit/89bfa82c61da0d3639e4038e689e25467baac8a0","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/commit/89bfa82c61da0d3639e4038e689e25467baac8a0"},{"reference_url":"https://github.com/kevinpapst/kimai2/releases/tag/1.16.3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/releases/tag/1.16.3"},{"reference_url":"https://huntr.dev/bounties/c96f3480-dccf-4cc2-99a4-d2b3a7462413","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/c96f3480-dccf-4cc2-99a4-d2b3a7462413"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3983","reference_id":"CVE-2021-3983","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3983"},{"reference_url":"https://github.com/advisories/GHSA-67c7-5v9j-227r","reference_id":"GHSA-67c7-5v9j-227r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-67c7-5v9j-227r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18175?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.16.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g6km-tw31-vfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.16.3"}],"aliases":["CVE-2021-3983","GHSA-67c7-5v9j-227r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vczf-aycd-pbgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206771?format=json","vulnerability_id":"VCID-xfdw-t5qc-37gw","summary":"kimai2 is vulnerable to Improper Access Control","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3992","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45667","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45519","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45662","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45676","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3992"},{"reference_url":"https://github.com/kevinpapst/kimai2/commit/ff9acab0fc81f0e9490462739ef15fe4ab028ea5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kevinpapst/kimai2/commit/ff9acab0fc81f0e9490462739ef15fe4ab028ea5"},{"reference_url":"https://huntr.dev/bounties/a0c438fb-c8e1-40cf-acc6-c8a532b80b93","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/a0c438fb-c8e1-40cf-acc6-c8a532b80b93"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3992","reference_id":"CVE-2021-3992","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3992"},{"reference_url":"https://github.com/advisories/GHSA-9w8f-7wgr-2h7g","reference_id":"GHSA-9w8f-7wgr-2h7g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9w8f-7wgr-2h7g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18175?format=json","purl":"pkg:composer/kevinpapst/kimai2@1.16.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g6km-tw31-vfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@1.16.3"}],"aliases":["CVE-2021-3992","GHSA-9w8f-7wgr-2h7g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xfdw-t5qc-37gw"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/kevinpapst/kimai2@0.9"}