CVE-2023-24735
https://notcve.org/view.php?id=CVE-2023-24735
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. • https://github.com/AetherBlack/CVE/tree/main/PMB • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-34328
https://notcve.org/view.php?id=CVE-2022-34328
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. PMB versión 7.3.10 permite un ataque de tipo XSS reflejado por medio del parámetro id en una petición lvl=author_see al archivo index.php • https://github.com/jenaye/PMB • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •