From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Affected Vendor and Product:
   - Vendor: Journeyx
   - Product: Journeyx (jtime)
   - Version: 11.5.4

2. Vulnerability Description:
   - An attacker can craft a malicious link such that, when clicked by a user, arbitrary JavaScript will execute in the context of the Journeyx web application.

3. Technical Description:
   - During the Active Directory login flow, if an error occurs, the user is redirected to a page displaying an error message.
   - This error message is derived from the "error_description" query parameter in the URL.
   - This parameter is not sanitized or validated, allowing attackers to inject malicious HTML/JavaScript into the "error_description" parameter.

4. Mitigation and Recommendations:
   - The issue is reported to be fixed in Journeyx v13.0.0.
   - For self-hosted Journeyx instances, additional security measures (such as input sanitization) can be implemented by monkey-patching the PYC file responsible for handling request parameters (mycgi.py).

5. Discoverer:
   - The vulnerability was discovered by Jaggar Henry of KoreLogic, Inc.

6. Disclosure Timeline:
   - January 31, 2024: KoreLogic notified Journeyx support about a vulnerability found in a licensed, on-premises product.
   - February 2, 2024: Journeyx confirmed receipt of the notification.
   - February 7, 2024: KoreLogic provided detailed vulnerability information to Journeyx.
   - February 9, 2024: Journeyx responded that the vulnerability had been fixed in the cloud-hosted version.
   - February 21, 2024: KoreLogic requested testing of the cloud version to verify the fix, but received no response.
   - July 1, 2024: KoreLogic notified Journeyx of an impending public disclosure.
   - July 9, 2024: Journeyx confirmed the fixed version number.
   - August 7, 2024: KoreLogic publicly disclosed the vulnerability.

7. Exploitation Example:
   - A URL is provided with the "error_description" parameter set to "%3Csvg%2fonload%3dprompt(%27KoreLogic%27)%3E".
   - This value decodes to "<svg/onload=prompt('KoreLogic')>".
   - When the link is clicked or accessed, the browser executes the "prompt()" function, displaying a dialog box, thereby confirming the execution of arbitrary JavaScript.

This information provides a detailed description of the reflected cross-site scripting (XSS) vulnerability in Journeyx, including the trigger conditions, mitigation steps, and key details about the discoverer.
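
The reflected "error_description" flaw and the output-encoding mitigation described above, shown side by side as an added example. This is not Journeyx code and not part of the advisory: the host, path, page template and all function names are assumptions, and the only value taken from the page is the sample parameter.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample link: placeholder host and path, carrying the
# error_description value quoted in the advisory summary above.
SAMPLE_URL = ("https://jtime.example.invalid/login"
              "?error=access_denied"
              "&error_description=%3Csvg%2fonload%3dprompt(%27KoreLogic%27)%3E")

# Hypothetical error-page template, not the product's markup.
TEMPLATE = "<html><body><p class=\"error\">Login failed: {msg}</p></body></html>"


def get_error_description(url):
    """Return the percent-decoded error_description parameter ('' if absent)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("error_description", [""])[0]


def render_error_vulnerable(url):
    """The flaw: the decoded parameter is placed into the HTML unchanged."""
    return TEMPLATE.format(msg=get_error_description(url))


def render_error_hardened(url, max_len=200):
    """Mitigation: bound the length, then HTML-encode before output."""
    msg = get_error_description(url)[:max_len]
    return TEMPLATE.format(msg=html.escape(msg, quote=True))


def has_markup(value):
    """Log-review helper: does a parameter value carry HTML markup characters?"""
    return any(c in value for c in "<>\"'")


if __name__ == "__main__":
    print(render_error_vulnerable(SAMPLE_URL))  # markup reaches the page intact
    print(render_error_hardened(SAMPLE_URL))    # markup rendered as inert text
```

Encoding at the point of output keeps the original message readable to the user while ensuring the browser treats it as text; `has_markup` can be run over the "error_description" values in web server access logs to spot links that carried markup.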