Security
Headlines
HeadlinesLatestCVEs

Headline

DerbyNet 9.0 photo.php Cross Site Scripting

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.

Packet Storm
#xss#vulnerability#web#git#java#php#auth
CVE ID: CVE-2024-30921Description:A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically affecting the photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without requiring authentication.Vulnerability Type: Cross-Site Scripting (XSS)Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynetAffected Product Code Base: DerbyNet - v9.0Affected Component: photo.phpAttack Type: RemoteImpact: Code executionAttack Vectors: The vulnerability can be exploited by navigating to a specially crafted URL such as:- http://127.0.0.1:8000/photo.php/<img src=x onerror=alert(1)>This method allows the attacker to inject arbitrary JavaScript that will be executed in the context of the victim's browser.Discoverer: Valentin LobsteinReferences:- Official website: http://derbynet.com- Source code on GitHub: https://github.com/jeffpiazza/derbynet

Packet Storm: Latest News

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download