PatchSiren cyber security CVE debrief
CVE-2021-47967 Timeclock CVE debrief
CVE-2021-47967 is a medium-severity cross-site scripting issue affecting PHP Timeclock 1.04. The supplied NVD record says unauthenticated attackers can inject JavaScript through URL paths and POST parameters in login.php, timeclock.php, audit.php, and timerpt.php, including the from_date and to_date parameters used in report requests. The CVE record was published on 2026-05-15 and last modified on 2026-05-18.
- Vendor: Timeclock
- Product: PHP Timeclock
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-15
- Original CVE updated: 2026-05-18
- Advisory published: 2026-05-15
- Advisory updated: 2026-05-18
Who should care
Administrators of PHP Timeclock 1.04 deployments, application owners, and security teams responsible for web applications that expose login, timekeeping, audit, or reporting endpoints to untrusted users.
Technical summary
The NVD entry maps this issue to CWE-79 and gives a CVSS v4.0 vector consistent with network-reachable exploitation, low attack complexity, no privileges required, and user interaction needed. The vulnerability is described as multiple XSS paths in PHP Timeclock 1.04, with injection points in login.php, timeclock.php, audit.php, timerpt.php, and the from_date/to_date report parameters. Impact is browser-side script execution in a victim session, which can expose user data or enable session abuse depending on how the application handles authenticated workflows.
Defensive priority
Medium by score, but higher operational priority for any exposed PHP Timeclock 1.04 instance because the issue is unauthenticated and affects multiple request paths.
Recommended defensive actions
- Inventory any PHP Timeclock 1.04 deployments and confirm whether the affected endpoints are reachable.
- Limit access to the application until a fixed version or compensating control is in place.
- Review application output encoding and server-side validation for the affected paths and report parameters.
- Pay special attention to login.php, timeclock.php, audit.php, timerpt.php, and the from_date/to_date parameters.
- Check logs for suspicious requests targeting the affected endpoints and report workflows.
- Replace or upgrade PHP Timeclock 1.04 if a maintained, corrected release is available; otherwise consider isolating or retiring the application.
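As an added example that is not PHP Timeclock's own code, the following shows one way to apply the output-encoding and server-side-validation review above to the from_date/to_date report parameters: accept only real YYYY-MM-DD dates, fail closed without echoing the rejected input, and HTML-encode everything rendered. The parameter names come from the advisory; the function names, the fixed form action, and the surrounding page structure are assumptions.

```php
<?php
// Added example, not PHP Timeclock's code. Parameter names from_date/to_date
// come from the advisory; validateReportDate(), h() and the page layout are
// illustrative assumptions.
declare(strict_types=1);

/**
 * Accept only YYYY-MM-DD values that are real calendar dates.
 * Returns the normalized date or null when the input is rejected.
 */
function validateReportDate(?string $raw): ?string
{
    if ($raw === null || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $raw)) {
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // createFromFormat() silently rolls over impossible dates such as
    // 2021-02-30, so the round trip must reproduce the input exactly.
    if ($d === false || $d->format('Y-m-d') !== $raw) {
        return null;
    }
    return $d->format('Y-m-d');
}

/** Encode a string for an HTML body or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

header('Content-Type: text/html; charset=UTF-8');
// A restrictive CSP limits the impact of any encoding gap that remains.
header("Content-Security-Policy: default-src 'self'");

$from = validateReportDate($_GET['from_date'] ?? null);
$to   = validateReportDate($_GET['to_date'] ?? null);

if ($from === null || $to === null) {
    // Fail closed: the rejected raw value is never written back into the page.
    http_response_code(400);
    echo '<p>Invalid date range. Dates must be YYYY-MM-DD.</p>';
    exit;
}

// Validated values are still encoded on output, so the defence does not rest
// on the validator alone. The form action is a fixed path rather than a
// reflection of the request URL, which removes a common path-based XSS source.
echo '<form method="get" action="/timerpt.php">';
echo '<input type="hidden" name="from_date" value="' . h($from) . '">';
echo '<input type="hidden" name="to_date" value="' . h($to) . '">';
echo '</form>';
echo '<p>Report from <b>' . h($from) . '</b> to <b>' . h($to) . '</b></p>';
```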
Evidence notes
The supplied NVD record identifies the weakness as CWE-79 and states that the vulnerability status is Deferred. It also lists the project homepage, the SourceForge PHP Timeclock 1.04 download page, an Exploit-DB reference, and a VulnCheck advisory as supporting references. The supplied vendor data is low-confidence and marked as needing review, so product attribution should be treated cautiously.
Official resources
The CVE record was published on 2026-05-15 and last modified on 2026-05-18. The supplied timeline does not include a CISA KEV listing.