{"id":"CVE-2021-3983","details":"kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","aliases":["GHSA-67c7-5v9j-227r"],"modified":"2026-05-18T22:58:06.265153Z","published":"2021-12-01T12:15:07.683Z","references":[{"type":"FIX","url":"https://github.com/kevinpapst/kimai2/commit/89bfa82c61da0d3639e4038e689e25467baac8a0"},{"type":"FIX","url":"https://huntr.dev/bounties/c96f3480-dccf-4cc2-99a4-d2b3a7462413"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kimai/kimai","events":[{"introduced":"0"},{"fixed":"ff9acab0fc81f0e9490462739ef15fe4ab028ea5"},{"fixed":"89bfa82c61da0d3639e4038e689e25467baac8a0"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.16.3"}],"cpe":"cpe:2.3:a:kimai2_project:kimai2:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"]}}],"versions":["1.16.2","1.16.1","1.16","1.15.6","1.15.5","1.15.4","1.15.3","1.15.2","1.15.1","1.15","1.14.3","1.14.2","1.14.1","1.14","1.13","1.12","1.11.1","1.11","1.10.2","1.10.1","1.10","1.9","1.8","1.7","1.6.2","1.6.1","1.6","1.5","1.4.2","1.4.1","1.4","1.3","1.2","1.1","1.0.1","1.0","0.9","0.8.1","0.8","0.7","0.6.1","0.6","0.5","0.4","0.3","0.2","0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3983.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}