Kimai v2 before 1.1 is vulnerable to cross-site scripting (XSS) via a timesheet description.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-15481
https://github.com/kevinpapst/kimai2/pull/962
https://github.com/kevinpapst/kimai2/releases/tag/1.1
https://github.com/advisories/GHSA-…