# Affected software: http://kimai.org
# Type of vulnerability: CSRF
# URL: http://demo.kimai.org
# Discovered by: Provensec
# Website: http://www.provensec.com
# Description: CSRF vulnerability in the status edit mechanism due to no CSRF token
# Proof of concept:
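
The control the description says is missing, a per-session CSRF token checked before a state-changing request is processed, as an added example. This is not Kimai's code and not part of the original advisory; the function names, the `csrf_token` field and the `edit_status` handler are hypothetical, and the session and request are passed as arrays so the script runs from the command line.

```php
<?php
// Added example: synchronizer-token CSRF check for a state-changing handler.
// All names are hypothetical; this is not Kimai's code.

// Issue (or reuse) a per-session token to embed in the form as a hidden field.
function csrf_issue(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept only a POST whose token matches the one stored in the session.
function csrf_verify(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;                          // state changes never ride on GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false;                          // missing or malformed token fails closed
    }
    return hash_equals($expected, $supplied);  // constant-time comparison
}

// Hypothetical status-edit handler: verify before touching stored state.
function edit_status(array $session, string $method, array $post, array &$statuses): int
{
    if (!csrf_verify($session, $method, $post)) {
        return 403;
    }
    $statuses[(int)($post['id'] ?? 0)] = (string)($post['name'] ?? '');
    return 200;
}

// Constructed demo: in an application $session is $_SESSION and $post is $_POST.
$session  = [];
$statuses = [1 => 'open'];
$token    = csrf_issue($session);

// Request without the token, as a form hosted on another origin would produce.
$forged = edit_status($session, 'POST', ['id' => '1', 'name' => 'closed'], $statuses);
// Request carrying the token that was rendered into the application's own form.
$legit  = edit_status($session, 'POST',
    ['id' => '1', 'name' => 'closed', 'csrf_token' => $token], $statuses);

printf("forged: %d, legitimate: %d, status: %s\n", $forged, $legit, $statuses[1]);
```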