Access Control: PHP Timeclock \<=1.04 - Cross-Site Scripting¶

Identifier: php_timeclock_xss

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

PHP Timeclock 1.04 and prior contains multiple cross-site scripting vulnerabilities via login.php, timeclock.php, reports/audit.php, and reports/timerpt.php.

How we test: We test for XSS vulnerabilities in PHP Timeclock by injecting malicious payloads into vulnerable endpoints and analyzing responses to detect if scripts are executed in the browser.

Reference:

https://www.exploit-db.com/exploits/49853

Configuration¶

Example¶

Example configuration:

---
security_tests:
  php_timeclock_xss:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.