71 matches found
CVE-2024-30920
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...
CVE-2024-50724
KASO v9.0 was discovered to contain a SQL injection vulnerability via the personid parameter at /cardcase/editcard.jsp...
CVE-2024-50724
CVE-2024-50724 affects KASO v9.0 with a SQL injection vulnerability in the /cardcase/editcard.jsp endpoint via the person_id parameter. Root cause: improper handling of input in the SQL query leading to injection. Impact per provided data: high/critical confidentiality, integrity, and availabilit...
CVE-2024-30926
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component...
CVE-2024-30924
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component...
CVE-2024-30925
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component...
CVE-2024-30929
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php...
CVE-2024-30928
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...
CVE-2024-30921
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...
CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...
CVE-2024-30924
DerbyNet v9.0 and earlier are affected by a Cross‑Site Scripting vulnerability in the checkin.php component. The issue arises from improper handling/validation of the order parameter, which is embedded into JavaScript without proper sanitization, allowing an attacker to inject scripts and potenti...
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...
CVE-2024-30927
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component...