Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2024-30921

Source

                CVE ID: CVE-2024-30921

Description:
A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 
photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without 
requiring authentication.

Vulnerability Type: Cross-Site Scripting (XSS)

Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynet

Affected Product Code Base: DerbyNet - v9.0

Affected Component: photo.php

Attack Type: Remote

Impact: Code execution

Attack Vectors: The vulnerability can be exploited by navigating to a specially crafted URL such as:
- http://127.0.0.1:8000/photo.php/&lt;img src=x onerror=alert(1)&gt;

This method allows the attacker to inject arbitrary JavaScript that will be executed in the context of the victim's 
browser.

Discoverer: Valentin Lobstein

References:
- Official website: http://derbynet.com
- Source code on GitHub: https://github.com/jeffpiazza/derbynet
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives &amp; RSS: https://seclists.org/fulldisclosure/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-30921: Unauthenticated XSS Vulnerability in DerbyNet v9.0 via photo.php

Vulmon Search

About

Products

Connect