CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php

Read Time:21 Second

Posted by Valentin Lobstein via Fulldisclosure on Apr 05

CVE ID: CVE-2024-30921

Description:
A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically affecting the
photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without
requiring authentication.

Vulnerability Type: Cross-Site Scripting (XSS)

Vendor of Product: DerbyNet – Available on GitHub: https://github.com/jeffpiazza/derbynet

Affected…

Read More