MEDIUM
Timeclock
CVE published 2026-05-15
CVE-2021-47967
CVE-2021-47967 is a medium-severity cross-site scripting issue affecting PHP Timeclock 1.04. The supplied NVD record says unauthenticated attackers can inject JavaScript through URL paths and POST parameters in login.php, timeclock.php, audit.php, and timerpt.php, including the from_date and to_date parameters used in report requests. The CVE record was published on 2026-05-15 and last modified on 2026-05-18.