Kimai is an open source, web-based multi-user time tracking application. kimai 2 1.16.2 previously contained a cross-site request forgery vulnerability, which stems from the product’s failure to verify that requests originate from trusted users. An attacker could send an unintended request to the server through this vulnerability.