Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote malicious user to execute arbitrary code via the render-document.php component.
CVE ID: CVE-2024-30920
Description:
A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet v90, specifically within the
`render-documentphp` component This vulnerability allows a remote attacker to execute arbitrary code via crafted
URLs The root cause of the vulnerability is the application's failure to properly sanitize ...