CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php

Read Time:22 Second

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30920

Description:
A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet v9.0, specifically within the
`render-document.php` component. This vulnerability allows a remote attacker to execute arbitrary code via crafted
URLs. The root cause of the vulnerability is the application’s failure to properly sanitize user input in document
rendering paths, which permits the injection of malicious scripts….

icecat-flatpak-115.18.0-2

FEDORA-FLATPAK-2024-5ad8ccec67 Packages in this update: icecat-flatpak-115.18.0-2 Update description: Updated patchset for CVE-2024-11693 CVE-2024-11697 CVE-2024-11692 Read More

December 26, 2024

mupdf-1.24.6-2.fc40

FEDORA-2024-bfc5e25437 Packages in this update: mupdf-1.24.6-2.fc40 Update description: fix CVE-2024-46657 (rhbz#2331626) Read More

December 26, 2024

mupdf-1.21.1-6.el9

FEDORA-EPEL-2024-94a20f339a Packages in this update: mupdf-1.21.1-6.el9 Update description: fix CVE-2024-46657 (rhbz#2331625) Read More

December 26, 2024

DSA-5837-1 fastnetmon – security update

Two security issues have been discovered in FastNetMon, a fast DDoS analyzer: Malformed Netflow/sFlow traffic could result in denial of...

December 26, 2024

DSA-5836-1 xen – security update

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information...

December 26, 2024

DSA-5835-1 webkit2gtk – security update

The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-54479 Seunghyun Lee discovered that processing maliciously crafted web...

December 25, 2024

Scams Based on Fake Google Emails

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)

US and Japan Blame North Korea for $308m Crypto Heist

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Spyware Maker NSO Group Liable for WhatsApp User Hacks

Major Biometric Data Farming Operation Uncovered

Ransomware Attack Exposes Data of 5.6 Million Ascension Patients

Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP

CVE-2024-30920: XSS Vulnerability in DerbyNet v9.0 via render-document.php

icecat-flatpak-115.18.0-2

mupdf-1.24.6-2.fc40

mupdf-1.21.1-6.el9

DSA-5837-1 fastnetmon – security update

DSA-5836-1 xen – security update

DSA-5835-1 webkit2gtk – security update