CVE-2024-30925 – DerbyNet 9.0 photo-thumbs.php Cross Site Scripting

https://notcve.org/view.php?id=CVE-2024-30925

05 Apr 2024 — Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. La vulnerabilidad de Cross Site Scripting en DerbyNet v9.0 y versiones anteriores permite a los atacantes ejecutar código arbitrario a través del componente photo-thumbs.php. DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php. • https://packetstorm.news/files/id/177951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •