CVE-2024-6892

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:*

History

06 Sep 2024, 16:33

Type Values Removed Values Added
CPE cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:*
CWE CWE-79
First Time Journyx journyx
Journyx
References () https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt - () https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt - Third Party Advisory

09 Aug 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) Los atacantes pueden crear un enlace malicioso que, una vez hecho clic, ejecutará JavaScript arbitrario en el contexto de la aplicación web Journyx.

08 Aug 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 00:15

Updated : 2024-09-06 16:33


NVD link : CVE-2024-6892

Mitre link : CVE-2024-6892

CVE.ORG link : CVE-2024-6892


JSON object : View

Products Affected

journyx

  • journyx
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-81

Improper Neutralization of Script in an Error Message Web Page