kimai/kimai is vulnerable to Cross-site Scripting (XSS) attacks. The library does not properly escape user input in MarkdownExtension.php, which allows an attacker to inject malicious JavaScript that executes in a victim's browser and can result in the attacker gaining escalated privileges.