28 matches found
CVE-2024-30920
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...
CVE-2024-30929
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php...
CVE-2024-30926
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component...
CVE-2024-30925
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component...
CVE-2024-30924
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component...
CVE-2024-30928
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...
CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...
CVE-2024-30921
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...
CVE-2024-30928
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...
CVE-2024-30924
DerbyNet v9.0 and earlier are affected by a Cross‑Site Scripting vulnerability in the checkin.php component. The issue arises from improper handling/validation of the order parameter, which is embedded into JavaScript without proper sanitization, allowing an attacker to inject scripts and potenti...
CVE-2024-30922
DerbyNet v9.0 is affected by CVE-2024-30922: a SQL Injection in print/render/award.inc allows a remote attacker to execute arbitrary code via the where clause in Award Document Rendering. Exploitation is reported as unauthenticated/remote in multiple sources. Affected component: DerbyNet 9.0, mod...
CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...
CVE-2024-30920
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...
CVE-2024-30927
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component...
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...
CVE-2024-30921
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...
CVE-2024-30926
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component...
CVE-2024-30926
DerbyNet, v9.0 and below, is affected by a cross-site scripting (XSS) vulnerability in the ./inc/kiosks.inc component. The root cause is improper sanitization of user-supplied input in URL parameters (notably id and address), allowing remote attackers to inject script and potentially execute arbi...
CVE-2024-30925
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component...
CVE-2024-30926
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component...