Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Journyx web application
Source
bbf0bd87-ece2-41be-b873-96928ee8fab9
Tags
CVE-2024-6892 details
Published : Aug. 8, 2024, 12:15 a.m.
Last Modified : Aug. 8, 2024, 1:04 p.m.
Last Modified : Aug. 8, 2024, 1:04 p.m.
Description
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-81 | Improper Neutralization of Script in an Error Message Web Page | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page. |
References
| URL | Source |
|---|---|
| https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt | bbf0bd87-ece2-41be-b873-96928ee8fab9 |
This website uses the NVD API, but is not approved or certified by it.