Skip to main content

Journyx

4 CVEs product

Monthly

CVE-2024-6893 HIGH POC THREAT This Week

The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Journyx
NVD
CVSS 3.1
7.5
EPSS
32.9%
CVE-2024-6892 MEDIUM POC This Month

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Journyx
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-6891 HIGH POC This Week

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Journyx
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6890 HIGH POC This Week

Password reset tokens are generated using an insecure source of randomness. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Journyx
NVD
CVSS 3.1
8.8
EPSS
0.7%
EPSS 33% CVSS 7.5
HIGH POC THREAT This Week

The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Journyx
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Journyx
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Password reset tokens are generated using an insecure source of randomness. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Journyx
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy