CVE-2026-40479 | Kimai up to 2.52.x KimaiEscape.js escapeForHtml cross site scripting (GHSA-g82g-m9vx-vhjg)

A vulnerability was found in Kimai up to 2.52.x. It has been classified as problematic. Affected is the function escapeForHtml of the file KimaiEscape.js. The manipulation leads to cross site scripting.

This vulnerability is documented as CVE-2026-40479. The attack can be initiated remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More