CVE-2024-6892

Aug. 8, 2024, 1:04 p.m.

Tags

2024-08-08
bbf0bd87-ece2-41be-b873-96928ee8fab9
CVE-2024-6892
CWE-81

Product(s) Impacted

Journyx web application

Description

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.

Weaknesses

CWE-81
Improper Neutralization of Script in an Error Message Web Page

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page.

CWE ID: 81

Date

Published: Aug. 8, 2024, 12:15 a.m.

Last Modified: Aug. 8, 2024, 1:04 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

bbf0bd87-ece2-41be-b873-96928ee8fab9

References

https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt
bbf0bd87-ece2-41be-b873-96928ee8fab9