Vulnerability Description
PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, or inject code through from_date and to_date parameters in report requests to execute scripts in user browsers.
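A defensive check for the two input channels described above, as an added example that is not part of the advisory or of PHP Timeclock's own code. It flags requests that carry markup characters in the URL path after one of the named scripts, or whose from_date / to_date values are not plain dates. The function name, the accepted date format and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Endpoints and parameters named in the advisory text.
ENDPOINTS = ("login.php", "timeclock.php", "audit.php", "timerpt.php")
DATE_PARAMS = ("from_date", "to_date")
# Assumption: a legitimate date is digits with one consistent separator.
DATE_RE = re.compile(r"^\d{1,4}([/.-])\d{1,2}\1\d{1,4}$")
# Characters needed to break out of an HTML attribute or open a tag.
MARKUP_RE = re.compile(r"[<>\"']")


def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(path, body=""):
    """Return a list of findings for one request (hypothetical helper)."""
    findings = []
    raw_path = path.split("?", 1)[0]
    for endpoint in ENDPOINTS:
        marker = "/" + endpoint
        idx = raw_path.find(marker)
        if idx == -1:
            continue
        # Anything after the script name is extra path info from the client.
        trailing = decode(raw_path[idx + len(marker):])
        if MARKUP_RE.search(trailing):
            findings.append(f"markup after {endpoint} in URL path")
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in DATE_PARAMS and value and not DATE_RE.match(decode(value)):
            findings.append(f"{name} is not a date")
    return findings


# Constructed sample requests (not taken from real traffic).
SAMPLES = [
    ("/timeclock/login.php", ""),
    ("/timeclock/login.php/%22%3E%3Csvg%3E", ""),
    ("/timeclock/reports/timerpt.php", "from_date=05/01/2021&to_date=05/31/2021"),
    ("/timeclock/reports/timerpt.php", "from_date=%22%3E%3Csvg%3E&to_date=05/31/2021"),
]
RESULTS = [inspect_request(path, body) for path, body in SAMPLES]
```

The same allow-list idea applies on the server side: reject or strip extra path info and parse the date fields strictly before they are echoed into a page, with HTML output encoding as the second layer.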
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- http://timeclock.sourceforge.net
- https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock
- https://www.exploit-db.com/exploits/49853
- https://www.vulncheck.com/advisories/php-timeclock-multiple-cross-site-scripting
FAQ
What is CVE-2021-47967?
CVE-2021-47967 is a vulnerability with a CVSS score of 6.1 (MEDIUM).
How severe is CVE-2021-47967?
CVE-2021-47967 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47967?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.