CVE-2023-53957

Published: Dic 19, 2025 Last Modified: Feb 19, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: active
Confidentiality: N/A
Integrity: N/A
Availability: N/A
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,2th
Updated

EPSS Score Trend (Last 86 Days)

1275

Sensitive Cookie with Improper SameSite Attribute

Incomplete
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Non-Repudiation Access Control
Potential Impacts:
Modify Application Data
Applicable Platforms
Technologies: Web Based, Web Server
Likelihood of Exploit: Medium
View CWE Details
Application

Kimai by Kimai

Product Information
Vendor Kimai
Product Kimai
Version 1.30.10
cpe:2.3:a:kimai:kimai:1.30.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/kimai/kimai/releases/tag/1.30.10
https://github.com/kimai/kimai/releases/tag/1.30.10
https://www.exploit-db.com/exploits/51278
https://www.exploit-db.com/exploits/51278
https://www.vulncheck.com/advisories/kimai-samesite-cookie-…
https://www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-sessio…