CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24733
https://notcve.org/view.php?id=CVE-2023-24733
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. • https://github.com/AetherBlack/CVE/tree/main/PMB • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24735
https://notcve.org/view.php?id=CVE-2023-24735
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. • https://github.com/AetherBlack/CVE/tree/main/PMB • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34328
https://notcve.org/view.php?id=CVE-2022-34328
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. PMB versión 7.3.10 permite un ataque de tipo XSS reflejado por medio del parámetro id en una petición lvl=author_see al archivo index.php • https://github.com/jenaye/PMB • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2014-9457 – PMB 4.1.3 - (Authenticated) SQL Injection
https://notcve.org/view.php?id=CVE-2014-9457
SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. Vulnerabilidad de inyección SQL en classes/mono_display.class.php en PMB 4.1.3 y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro id en catalog.php. • https://www.exploit-db.com/exploits/35625 http://www.exploit-db.com/exploits/35625 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •