Vulnerabilities > Journyx

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2024-08-08 | CVE-2024-6891 | Code Injection vulnerability in Journyx 11.5.4 | Attackers with a valid username and password can exploit a Python code injection vulnerability during the natural login flow. | network, low complexity, journyx, CWE-94 | 8.8 |
| 2024-08-08 | CVE-2024-6892 | Cross-site Scripting vulnerability in Journyx 11.5.4 | Attackers can craft a malicious link that, once clicked, will execute arbitrary JavaScript in the context of the Journyx web application. | network, low complexity, journyx, CWE-79 | 6.1 |
| 2024-08-08 | CVE-2024-6893 | XXE vulnerability in Journyx 11.5.4 | The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. | network, low complexity, journyx, CWE-611 | 7.5 |
| 2024-08-07 | CVE-2024-6890 | Use of Hard-coded Credentials vulnerability in Journyx 11.5.4 | Password reset tokens are generated using an insecure source of randomness. | network, low complexity, journyx, CWE-798 | 8.8 |