Strix
26.1K

CVE-2026-40479

MEDIUMCVSS 5.4/10EPSS 0.21%

Last modified

CVE-2026-40479 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape double quote or single quote characters. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and rendered through innerHTML, this incomplete escaping allows HTML attribute injection. An authenticated user with ROLE_USER privileges can store a malicious alias that executes JavaScript in the browser of any administrator viewing the team form, resulting in stored XSS with privilege escalation. This issue has been fixed in version 2.53.0.

Metrics

CVSS 3.1
5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.21%

10.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
KimaiKimai< 2.53.0

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2026-40479?
Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and rendered through innerHTML, this incomplete escaping allows HTML attribute injection. An authenticated user with ROLE_USER privileges can store a malicious alias that executes JavaScript in the browser of any administrator viewing the team form, resulting in stored XSS with privilege escalation. This issue has been fixed in version 2.53.0.
How severe is CVE-2026-40479?
CVE-2026-40479 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.
How do I fix CVE-2026-40479?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-40479?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST