CVE-2024-30921

Name of the Vulnerable Software and Affected Versions DerbyNet versions 9.0 and below

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the photo.php component. This enables the attacker to perform unauthorized actions on the affected system.

Recommendations For DerbyNet versions 9.0 and below, as a temporary workaround, consider disabling access to the photo.php component until a patch is available. Restricting access to this component can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.