Access Control: PHP Timeclock \<=1.04 - Cross-Site Scripting¶

Identifier: php_timeclock_xss

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

PHP Timeclock 1.04 and prior contains multiple cross-site scripting vulnerabilities via login.php, timeclock.php, reports/audit.php. and reports/timerpt.php

Reference:

https://www.exploit-db.com/exploits/49853

Configuration¶

Example¶

Example configuration:

---
security_tests:
  php_timeclock_xss:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.