Improper Neutralization of Script in an Error Message Web Page

CVE-2024-6892

Medium

6.1/10

Summary

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-81 - Improper Neutralization of Script in an Error Message Web Page

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page.

References

Advisory Timeline

Published Aug 08, 2024

Improper Neutralization of Script in an Error Message Web Page

CVE-2024-6892

Summary

CWE-81 - Improper Neutralization of Script in an Error Message Web Page

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS