Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:17 a.m.10 views

CVE-2024-30920

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...

7.4CVSS7.3AI score0.01027EPSS
Exploits2References1
NVD
NVD
added 2024/04/18 10:15 p.m.19 views

CVE-2024-30929

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php...

8CVSS7AI score0.00981EPSS
Exploits2References2
NVD
NVD
added 2024/04/18 10:15 p.m.18 views

CVE-2024-30926

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component...

4.6CVSS7AI score0.00511EPSS
Exploits2References2
NVD
NVD
added 2024/04/18 10:15 p.m.23 views

CVE-2024-30925

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component...

6.5CVSS7AI score0.00567EPSS
Exploits2References2
NVD
NVD
added 2024/04/18 10:15 p.m.20 views

CVE-2024-30924

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component...

4.6CVSS7AI score0.00341EPSS
Exploits2References2
NVD
NVD
added 2024/04/18 10:15 p.m.19 views

CVE-2024-30928

SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...

8.1CVSS8.3AI score0.00724EPSS
Exploits2References2
NVD
NVD
added 2024/04/18 9:15 p.m.26 views

CVE-2024-30922

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...

9.8CVSS8.3AI score0.01429EPSS
Exploits2References2
NVD
NVD
added 2024/04/18 9:15 p.m.12 views

CVE-2024-30921

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...

5.4CVSS7AI score0.0062EPSS
Exploits2References2
Cvelist
Cvelist
added 2024/04/18 12:0 a.m.22 views

CVE-2024-30928

SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...

8.6AI score0.00724EPSS
Exploits2References1
CVE
CVE
added 2024/04/18 12:0 a.m.73 views

CVE-2024-30924

DerbyNet v9.0 and earlier are affected by a Cross‑Site Scripting vulnerability in the checkin.php component. The issue arises from improper handling/validation of the order parameter, which is embedded into JavaScript without proper sanitization, allowing an attacker to inject scripts and potenti...

4.6CVSS7.2AI score0.00341EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2024/04/18 12:0 a.m.59 views

CVE-2024-30922

DerbyNet v9.0 is affected by CVE-2024-30922: a SQL Injection in print/render/award.inc allows a remote attacker to execute arbitrary code via the where clause in Award Document Rendering. Exploitation is reported as unauthenticated/remote in multiple sources. Affected component: DerbyNet 9.0, mod...

9.8CVSS8.7AI score0.01429EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/18 12:0 a.m.14 views

CVE-2024-30922

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...

8.7AI score0.01429EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/18 12:0 a.m.22 views

CVE-2024-30920

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...

7.2AI score0.01027EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/18 12:0 a.m.16 views

CVE-2024-30927

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component...

7.2AI score0.00551EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/18 12:0 a.m.33 views

CVE-2024-30923

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...

8.7AI score0.0137EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/18 12:0 a.m.15 views

CVE-2024-30921

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...

7.3AI score0.0062EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/18 12:0 a.m.11 views

CVE-2024-30926

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component...

7.3AI score0.00511EPSS
Exploits2References1
CVE
CVE
added 2024/04/18 12:0 a.m.68 views

CVE-2024-30926

DerbyNet, v9.0 and below, is affected by a cross-site scripting (XSS) vulnerability in the ./inc/kiosks.inc component. The root cause is improper sanitization of user-supplied input in URL parameters (notably id and address), allowing remote attackers to inject script and potentially execute arbi...

4.6CVSS7.2AI score0.00511EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/18 12:0 a.m.11 views

CVE-2024-30925

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component...

7.3AI score0.00567EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/18 12:0 a.m.20 views

CVE-2024-30926

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component...

7.2AI score0.00511EPSS
Exploits2References1
Rows per page
Query Builder