8 matches found
Journyx 11.5.4 - Reflected Cross Site Scripting
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. id: CVE-2024-6892 info: name: Journyx 11.5.4 - Reflected Cross Site Scripting author: DhiyaneshDk severity: medium description: | Attackers can craft a malicious...
CVE-2024-6892
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application...
Journyx 11.5.4 Cross Site Scripting
KL-001-2024-009: Journyx Reflected Cross Site Scripting Title: Journyx Reflected Cross Site Scripting Advisory ID: KL-001-2024-009 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability Details Affected Vendor: Journyx Affecte...
Journyx 11.5.4 Cross Site Scripting Vulnerability
Journyx version 11.5.4 suffers from a cross site scripting vulnerability due to mishandling of the errordescription during an active directory login flow. Title: Journyx Reflected Cross Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability...
CVE-2024-6892 Journyx Reflected Cross Site Scripting
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application...
CVE-2024-6892
Summary of CVE-2024-6892 (Journyx Reflected XSS) Affected product: Journyx (jtime) version 11.5.4. Root cause: Reflected cross-site scripting caused by unsanitized/reflected error_description parameter in the active directory login flow, which can be set via the URL and reflected in the page resp...
CVE-2024-6892 Journyx Reflected Cross Site Scripting
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application...
Journyx Reflected Cross Site Scripting
Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-81: Improper Neutralization of Script in an Error Message Web Page CVE ID: CVE-2024-6892 2. Vulnerability Description Attackers can craft a...