Количество 2
Количество 2
CVE-2024-25737
A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.
GHSA-fwhc-mm9q-mqq8
VuFind Server-Side Request Forgery (SSRF) vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-25737 A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter. | CVSS3: 5.4 | 0% Низкий | больше 1 года назад |
| GHSA-fwhc-mm9q-mqq8 VuFind Server-Side Request Forgery (SSRF) vulnerability | CVSS3: 9.1 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу