Journyx 11.5.4 Cross Site Scripting Vulnerability

Journyx version 11.5.4 suffers from a cross site scripting vulnerability due to mishandling of the errordescription during an active directory login flow. Title: Journyx Reflected Cross Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability...

Journyx 11.5.4 Cross Site Scripting

KL-001-2024-009: Journyx Reflected Cross Site Scripting Title: Journyx Reflected Cross Site Scripting Advisory ID: KL-001-2024-009 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability Details Affected Vendor: Journyx Affecte...

Journyx Reflected Cross Site Scripting

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-81: Improper Neutralization of Script in an Error Message Web Page CVE ID: CVE-2024-6892 2. Vulnerability Description Attackers can craft a...

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. See CWE-81: Improper...

JVN#01161596: Safari vulnerable to script injection

Safari provided by Apple Inc. contains a script injection vulnerability CWE-81 in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is output...