ByteOS Network

Vulnerability Details :

CVE-2023-53957

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-19 Dec, 2025 | 21:05

Updated At-07 Apr, 2026 | 14:08

Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulnCheck

Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At:19 Dec, 2025 | 21:05

Updated At:07 Apr, 2026 | 14:08

▼CVE Numbering Authority (CNA)

Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking

Affected Products

Vendor

Kimai

Product

Kimai

Versions

Affected

1.30.10

Problem Types

Type	CWE ID	Description
CWE	CWE-1275	Sensitive Cookie with Improper SameSite Attribute

Type: CWE

CWE ID: CWE-1275

Description: Sensitive Cookie with Improper SameSite Attribute

Metrics

Version	Base score	Base severity	Vector
4.0	8.5	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version: 4.0

Base score: 8.5

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Credits

finder

nu11secur1ty

References

Hyperlink	Resource
https://www.exploit-db.com/exploits/51278	exploit
https://github.com/kimai/kimai/releases/tag/1.30.10	product
https://www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-session-hijacking	third-party-advisory

Hyperlink: https://www.exploit-db.com/exploits/51278

Resource:

exploit

Hyperlink: https://github.com/kimai/kimai/releases/tag/1.30.10

Resource:

product

Hyperlink: https://www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-session-hijacking

Resource:

third-party-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:disclosure@vulncheck.com

Published At:19 Dec, 2025 | 21:15

Updated At:19 Feb, 2026 | 21:53

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.5	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 8.5

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CPE Matches

kimai>>kimai>>1.30.10

cpe:2.3:a:kimai:kimai:1.30.10:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-1275	Primary	disclosure@vulncheck.com

CWE ID: CWE-1275

Type: Primary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://github.com/kimai/kimai/releases/tag/1.30.10	disclosure@vulncheck.com	Product Release Notes
https://www.exploit-db.com/exploits/51278	disclosure@vulncheck.com	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-session-hijacking	disclosure@vulncheck.com	Third Party Advisory

Hyperlink: https://github.com/kimai/kimai/releases/tag/1.30.10

Source: disclosure@vulncheck.com

Resource:

Product

Release Notes

Hyperlink: https://www.exploit-db.com/exploits/51278

Source: disclosure@vulncheck.com

Resource:

Exploit

Third Party Advisory

VDB Entry

Hyperlink: https://www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-session-hijacking

Source: disclosure@vulncheck.com

Resource:

Third Party Advisory

Similar CVEs

2Records found

CVE-2024-6611

Matching Score-4

Assigner-Mozilla Corporation

View Details

Matching Score-4

Assigner-Mozilla Corporation

CVSS Score-9.8||CRITICAL

EPSS-0.59% / 69.33%

7 Day CHG~0.00%

Published-09 Jul, 2024 | 14:25

Updated-30 Oct, 2025 | 16:15

Incorrect handling of SameSite cookies

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

Vendor-Mozilla Corporation

Product-thunderbird firefox Firefox Thunderbird firefox

CWE ID-CWE-1275

Sensitive Cookie with Improper SameSite Attribute

CVE-2025-52628

Matching Score-4

Assigner-HCL Software

View Details

Matching Score-4

Assigner-HCL Software

CVSS Score-4.6||MEDIUM

EPSS-0.05% / 16.86%

7 Day CHG~0.00%

Published-03 Feb, 2026 | 18:06

Updated-25 Apr, 2026 | 17:59

HCL AION is susceptible to Missing SameSite vulnerability

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.

Vendor-HCL Technologies Ltd.

Product-aion AION

CWE ID-CWE-1275

Sensitive Cookie with Improper SameSite Attribute

CVE-2023-53957

Credits

Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs