Description
PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, or inject code through from_date and to_date parameters in report requests to execute scripts in user browsers.
Published: 2026-05-15
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 17 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Timeclock
Timeclock php Timeclock
Vendors & Products Timeclock
Timeclock php Timeclock

Fri, 15 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, or inject code through from_date and to_date parameters in report requests to execute scripts in user browsers.
Title PHP Timeclock 1.04 Multiple Cross-Site Scripting via Parameters
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


Subscriptions

Timeclock Php Timeclock
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-24T01:37:16.512Z

Reserved: 2026-05-15T16:37:12.642Z

Link: CVE-2021-47967

cve-icon Vulnrichment

Updated: 2026-05-15T21:14:00.289Z

cve-icon NVD

Status : Deferred

Published: 2026-05-15T19:16:56.433

Modified: 2026-06-17T04:18:50.850

Link: CVE-2021-47967

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T17:01:06Z

Weaknesses